Re: [exim] New compromise...?

Página Inicial
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Para: exim-users
Assunto: Re: [exim] New compromise...?
Mark Elkins via Exim-users <exim-users@???> (Mi 25 Sep 2019 03:47:41 EDT):
> However - from my viewpoint, the Username used in the authentication
> "myclient@???" should be the same as the "From".. i.e. <=
> minanilo@???.
> Is there a neat way to drop emails when the "From" is not the same as the
> PLAIN authenticated name?


Yes

In the authenticator use

    server_set_id =


either by just setting $auth1 or $auth2 (depending on the auth
mechanism, for PLAIN $auth2, for LOGIN $auth1).
Or use the authenticated ID ($auth…) (Or use $authN
for a lookup, e.g. to map it to sender addresses)

Note, the authenticated id will appear in the outgoing message.

In MAIL ACL (or later) you can block messages from authenticated users
if authenticated ID does not match the sender address, or you can
ratelimit on the authenticated ID


    MAIL ACL


        deny    message = sorry, sender must match user name
                authenticated = *
               !sender_address = $authenticated_id


or count the distinct recipients per user, allow a burst (so 100/1d
isn't the same as 50/12h)

    RCPT ACL


        deny    message = sorry, too many distinct recipients
                authenticated = *
                ratelimit = 100/1d / per_addr / $authenticated_id


Not tested, not verified against the spec, may contain typos or other
errors. But you should get the idea.

    Best regards from Atlanta/GA
    Viele Grüße aus Atlanta/USA
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -