Paul Ooi wrote: > Hey guys, > > I managed to solve it by putting this line in main configuration; > local_from_check = false
That fixes your immediate problem, but is a band-aid you should not need if all else is OK. You need to dig deeper. For starters IF you must have shell or local users, (with different rules and routers and transports than remote submission) they should not have the same [EMAIL PROTECTED] that you might use from a remote box with a submission MUA. You can DO this, but it is a needless *N*X legacy that complicates rules and settings. It makes many things simpler and easier to configure securely if you treat all mail users as 'virtual' and do not use local accounts for routine bothway mail. Best if only the chron'ed reports are local originators and there are aliases the point *OFF BOX* for 'postmaster', 'abuse', 'webmaster', etc. > > I would like to know there is there any way to verify the sender smtp > username is matched to sender email address? It's to avoid the sender spoof > the email address from other people. > > Paul Expect spoofed senders, spoofed HELO, spoofed domains, bogus recipients, deliberately malformed messages, headers that lie, and everything else. Even IP's can be forged. OTOH, Exim has great tools for detecting all such probable attempts and more, and let's you decide how best to deal with them intelligently for *your* environment. It is not necessarily a 'bad thing' if a user with more than one account - not necessarily even all on your server - wants replies to go to his *other* account, and/or need an alias or forwarder in place. As to 'vetting' submission from MUA's, there are lots of ways, but matching [EMAIL PROTECTED] or furnished-HELO to originating IP is nowhere near enough, nor of much use when most far-end's are behind NAT'ed DHCP, and/or may be mobile. Conversely, AUTH methods that work most securely, such as issuing S-codes or installing and requiring matching per-user PEM certs on server and remote MUA, also place severe restrictions on the selection of compatible MUA's, *and* end-user skills and common sense. Usually too much admin work for the apparent gain. Much simpler to insure that you absolutely require authentication for remote-MUA submission, that it is DECENT authentication, and that you only accept it on port 587 over TLS from your trusted user community. Keep it simple. Plain auth under SSL/TLS is better than most folks often want to admit, as the odds of a remote client being compromised by any of an number of means, starting with simply sitting down in front of someone's PC when their head is turned, are orders of magnitude greater than the odds of the server itself being hacked. And that is *per each* remote workstation! Don't forget that the login user name does NOT have to be of the form '[EMAIL PROTECTED]'. You can configure your authenticators and MUA far more flexibly than that. HTH, Bill Hacker > > > ----- Original Message ----- > From: "W B Hacker" <[EMAIL PROTECTED]> > To: "exim users" <[email protected]> > Sent: Monday, July 17, 2006 13:14 > Subject: Re: [exim] after server_set_id it becomes <user>@<primaryhostname> > insteady of <user>@<domainname> > > >>Paul Ooi wrote: >> >> >>>Dear All, >>> >>> I am having problem with my Exim. when I configured server_set_id in >>>SMTP login, it shows, >>> >>> 2006-07-17 11:32:43 1G2Jqd-000228-CO <= "[EMAIL PROTECTED]"@hostname >>>H=(PAULOOI) [203.223.134.xx] P=esmtpa A=auth_login:[EMAIL PROTECTED] >>>S=1391 [EMAIL PROTECTED] >>> >>> How can I make it [EMAIL PROTECTED] instead of [EMAIL >>> PROTECTED]@hostname? The >>>exim >>>running support multiple domains. >>> >>>Paul >>> >>> >> >>Fisrt, grep your configure file for quotes, find the place you used those >>incorrectly to produce the above error, and fix that. >> >>IF it persiste, then see if you are 'qualifying' users (adding a missing >><domain>.<tld>) where you do not wish to. >> >>Fixing the quote error may obviate the problem, is that is 'hiding' the >>already-present information from Exim, hence it adds it. >> >>Bill >> >> >>-- >>## List details at http://www.exim.org/mailman/listinfo/exim-users >>## Exim details at http://www.exim.org/ >>## Please use the Wiki with this list - http://www.exim.org/eximwiki/ > > > -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
