Hi
If you always use the email address for each user as it's authentication
username then you can check at mail acl something like:
deny authenticated = *
condition = ${if eqi{$authenticated_id}{$sender_address}}
message = You are not authorized to use $sender_address
> Hi there,
>
> I ran across a scenario on my new exim setup and am hoping someone can point
> me in the right direction as I am very new to Exim.
>
> Currently, I have Exim 4.69 installed on a FreeBSD 6.4 AMD64 machine with
> MySQL which is now deployed and running stable. We have disabled relaying and
> require users to connect via SSL to authenticate for both sending and
> recieving email.
>
> I have been running some tests and discovered that local authenticated users
> are able to send email as any address they wish, including other local users.
> This poses a security concern for my clients and was hoping to plug this hole.
>
> Is there a way of limiting authenticated users to only send email for their
> authenticated account?
>
> Thanks!
>
>
>
> __________________________________________________________________
> Ask a question on any topic and get answers from real people. Go to Yahoo!
> Answers and share what you know at http://ca.answers.yahoo.com
--
Salu-2 y hasta pronto ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. telf +34 902 50 29 75
----------------------------------------------------------------
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
