Re: [exim] Force valid sender domain from php

Mon, 10 Jul 2006 05:36:41 -0700 

I would do something like that in data ACL:

deny
condition = ${if match
{$header_from}{\N(domain1|domain2|domain3)\N}{no}{yes}}


Will Harrison wrote:
> Sorry - the regexp in data ACL. I think the other method may be more
> easily bypassed.
> 
> Do you know if there are any examples of the regexp method as I am no
> exim expert.
> 
>>>
>>>
>>> Renaud Allard wrote:
>>>> It will check the actual sender, the one in the "MAIL FROM:" SMTP
>>>> negotiation. This is the "return-path".
>>>>
>>>> Of course, if your php scripts send everything as "[EMAIL PROTECTED]" (php
>>>> mail() function I think) this won't be a good solution. So you should
>>>> use a php function which speaks SMTP and force php devs to use it.
>>>>
>>>> If you require that this happens with the "From:" header, you will have
>>>> to use a regexp in the data acl.
>>>>
>>>> Will Harrison wrote:
>>>>> Thank you Renaud
>>>>>
>>>>> Will this actually check the "From:" header or just the actual sender?
>>>>>
>>>>> Thanks again
>>>>>
>>>>> Will
>>>>>
>>>>> Renaud Allard wrote:
>>>>>> Of course, with something like that it should work:
>>>>>>
>>>>>> acl_check_rcpt:
>>>>>>
>>>>>>         accept
>>>>>>         hosts           = :
>>>>>>         endpass
>>>>>>         message         = Sending mails from
>>>>>> $sender_address_domain is
>>>>>> not permitted
>>>>>>         sender_domains  = +local_domains
>>>>>>
>>>>>>         accept
>>>>>>         authenticated   = *
>>>>>>         endpass
>>>>>>         message         = Sending mails from
>>>>>> $sender_address_domain is
>>>>>> not permitted
>>>>>>         sender_domains  = +local_domains
>>>>>>
>>>>>>
>>>>>> Will Harrison wrote:
>>>>>>> Can we restrict mails sent from the local host to only be allowed to
>>>>>>> have their sender/from address be from a valid domain in
>>>>>>> /etc/localdomains?
>>>>>>>
>>>>>>> If a php script is used by a spammer he will usually set the from
>>>>>>> address to something other than the real domain e.g.
>>>>>>> [EMAIL PROTECTED] As paypal.com in not listed in localdomains can
>>>>>>> we reject it?
>>>>>>>
>>>>>>> I hope I am making sence. Thanks in advance.
>>>>>>>
>>>>>>> Will
>>>>>>>
>>>
>>
>

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to