On Thu, Jul 31, 2008 at 05:07:18PM -0700, Phil Pennock wrote:
> On 2008-07-31 at 15:00 +0100, Mike Cardwell wrote:
> > Shove this (untested) in your data acl:
>
> The DATA ACLs are for when there is a DATA command, which implies SMTP.
> PHP on Unix uses the sendmail command interface, which is why I
> suggested $caller_uid in the acl_not_smtp ACL.  Using $sender_ident and
> a data ACL will help for the SMTP case though, yes.  And protecting both
> is helpful.

On the web hosting I used to run (as mentioned in the thread referenced earlier, "Feature req: env var logging"), I only allowed the sendmail interface, not SMTP, for exactly that reason: so that Exim could reliably know what local user was sending the mail, and read their CGI environment variables (to track abuse).

-- 
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
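The split discussed in this thread, sketched as an Exim configuration fragment: one ACL for the sendmail command interface keyed on `$caller_uid`, and one DATA ACL for local SMTP keyed on `$sender_ident`. This is an added, untested example and not configuration posted by anyone in the thread; the ACL names, the limits (50 per hour) and the log text are assumptions, and the SMTP part assumes ident lookups to the local host actually return a user name.

```exim
# --- main section: name the ACL that handles each submission path ---
acl_not_smtp  = acl_check_not_smtp   # sendmail interface (PHP mail() on Unix)
acl_smtp_data = acl_check_data       # SMTP, after the DATA command

begin acl

# Runs for messages handed to Exim on the command line. There is no SMTP
# session here, so the local Unix uid of the calling process is the identity.
acl_check_not_smtp:
  # Record which local uid submitted the message, for abuse tracking.
  warn    logwrite  = non-SMTP submission from caller_uid=$caller_uid

  # Limit each local uid separately (limit values are placeholders).
  deny    message   = local sending rate exceeded
          ratelimit = 50 / 1h / strict / $caller_uid

  accept

# Runs only when a DATA command is seen, i.e. only for SMTP submissions.
acl_check_data:
  # For connections from the local host, key the limit on the ident
  # response when one was obtained (assumes an ident service is running).
  deny    hosts     = 127.0.0.1
          condition = ${if def:sender_ident {yes}{no}}
          message   = local sending rate exceeded
          ratelimit = 50 / 1h / strict / $sender_ident

  accept
```

If local SMTP submission is refused altogether, as in the hosting setup described above, only the `acl_not_smtp` half is needed.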
