On Mon, 15 May 2006, Lekshmi A. R wrote: > I have one problem. I have an exim mail server. I have even > configured cyrus-sasl-pwcheck to do SMTP-AUTH. It is checking > /etc/passwd file to do the authentication. Now the problem is even if > the user who is trying to send a mail doesn't have a valid id in the > server, he can authenticate himself with someother users id and send > mail in his name.
In your localuser router, set address_data to the username that corresponds to the address. This will then be available in $sender_address_data in the ACLs after you have run verify=sender. Exim's routing will trace through the aliases and eventually work out the username as a side-effect. You can then compare it to $authenticated_id, and reject the message if they don't match. For more deails have a look at http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20041101/msg00107.html Tony. -- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> http://dotat.at/ ${sg{\N${sg{\ N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\ \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}} -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
