Mark Elkins via Exim-users <exim-users@???> (Mi 25 Sep 2019 03:47:41 EDT):
> However - from my viewpoint, the Username used in the authentication
> "myclient@???" should be the same as the "From".. i.e. <=
> minanilo@???.
> Is there a neat way to drop emails when the "From" is not the same as the
> PLAIN authenticated name?
Yes
In the authenticator use
server_set_id =
either by just setting $auth1 or $auth2 (depending on the auth
mechanism, for PLAIN $auth2, for LOGIN $auth1).
Or use the authenticated ID ($auth…) (Or use $authN
for a lookup, e.g. to map it to sender addresses)
Note, the authenticated id will appear in the outgoing message.
In MAIL ACL (or later) you can block messages from authenticated users
if authenticated ID does not match the sender address, or you can
ratelimit on the authenticated ID
MAIL ACL
deny message = sorry, sender must match user name
authenticated = *
!sender_address = $authenticated_id
or count the distinct recipients per user, allow a burst (so 100/1d
isn't the same as 50/12h)
RCPT ACL
deny message = sorry, too many distinct recipients
authenticated = *
ratelimit = 100/1d / per_addr / $authenticated_id
Not tested, not verified against the spec, may contain typos or other
errors. But you should get the idea.
Best regards from Atlanta/GA
Viele Grüße aus Atlanta/USA
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -