Even I’m thinking this patch is needed. While searching I found one old patch for the same, but don’t know can we integrate the same in qmailtoaster.
http://translate.google.co.in/translate?hl=en <http://translate.google.co.in/translate?hl=en&sl=tr&u=http://www.endersys.com.tr/blog/2009/12/16/qmail-from-address-and-smtp-auth-username-check-patch/&prev=/search%3Fq%3Dqmail-from-address-and-smtp-auth-username-check-patch/%26client%3Dfirefox-a%26hs%3DKig%26rls%3Dorg.mozilla:en-US:official> &sl=tr&u=http://www.endersys.com.tr/blog/2009/12/16/qmail-from-address-and-smtp-auth-username-check-patch/&prev=/search%3Fq%3Dqmail-from-address-and-smtp-auth-username-check-patch/%26client%3Dfirefox-a%26hs%3DKig%26rls%3Dorg.mozilla:en-US:official If anyone can look in this may be that is great. Amit Dalia From: Dan McAllister [mailto:q...@it4soho.com] Sent: 18 July 2014 18:44 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Prevent sender from spoofing email address On 7/17/2014 7:32 PM, Hasan Akgöz wrote: Hi Guys; allows SMTP authenticated users to put a fake email address in an email's sender field and the email is sent successfully .How to enforce sender/from address to be “logged_u...@test.com <mailto:logged_u...@test.com> ” in Qmailtoaster ? Hasan: I have brought this up before, and there are certain situations where you NEED for a single auth'd user to be able to "send" mail as anyone. Specifically, when you're using QMT as a filter or smart-host. So the short answer to your query is that it cannot be done. Once you are authenticated to the qmail-smtp program, it will take any email from you -- including email that is spoofed... Dan McAllister PS: I am with you if you believe there should be a way to configure that -- but that is not an option that I am aware of currently. -- IT4SOHO, LLC 33 - 4th Street N, Suite 211 St. Petersburg, FL 33701-3806 CALL TOLL FREE: 877-IT4SOHO 877-484-7646 Phone 727-647-7646 Local 727-490-4394 Fax We have support plans for QMail! --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com
