AUTH_BLOCK_SENDER_SPOOFING granular config-support

shanti · Sunday at 9:29 AM

Hi,

since the introduction of exim's AUTH_BLOCK_SENDER_SPOOFING in v1.680 some customers' mailclients and webapps
cannot send via that "old" way anymore resulting inaccording exim-reject-errors.

i would like to see a change in this code to accept granular configs like

/etc/virtual/example.com/spoofing_allowed
( # Format:

Code:

# authenticated_user:allowed_sender_address
[email protected]:[email protected]
[email protected]:[email protected]

)

and the implementation of an additional check like

Code:

        # NEW: Allow configured spoofing exceptions per domain
        condition = ${if exists{/etc/virtual/${domain:$sender_address}/spoofing_allowed}\
                      {${if !eq{${lookup{$authenticated_id:$sender_address}lsearch{/etc/virtual/${domain:$sender_address}/spoofing_allowed}}}{}}}\
                      {yes}\
                    }

to allow more control here , because this new limitation though is great but forces many webapps to change .. it would be nice to not just implement that temporary.

RFC
br
-c-

Richard G · Sunday at 12:50 PM

shanti said:
i would like to see a change in this code to accept granular configs like

Did you check the docs about this?

Version 1.680 | Directadmin Docs

DirectAdmin Knowledge Base

docs.directadmin.com

You should be able to use the commands in there so sender spoofing is not done anymore and in fact so the change is reverted by a little customisation.

Invader Zim · 2025-10-21T15:03:56-0600

I'm pretty sure shanti did check it and discovered it's either on or off. Not granular.

Richard G · 2025-10-21T15:22:49-0600

Invader Zim said:
I'm pretty sure shanti did check it and discovered it's either on or off. Not granular.

Isn't granular another word for "detailed"? Because yes it's on or off. Off is the old way, I'm not native English and so don't understand what difference granular would be.
As far as I understood Shanti was not aware he could easily put it off again, but ofcourse I could be wrong due to this fact.

Unless he means to make multiple different options, but in that case he needs to be on the feedback forum for new suggesions. Or use customisations.

Invader Zim · 2025-10-22T01:04:59-0600

Richard G said:
Isn't granular another word for "detailed"?

Yes, but when you look at the examples given it shows that a list is proposed of which account can spoof, even when spooging protection is enabled. At least, that's what I got from it.

fln · 2025-10-22T02:12:46-0600

Thanks for sharing @shanti. We re not yet sure if this should be part of standard exim config file.

By the way there is no need to have custom exim.conf to use it. You can set this condition in the AUTH_BLOCK_SENDER_SPOOFING macro inside the /etc/exim.variables.conf.custom file. Instead of yes, no it can be this long expression that allows sender spoofing for some of the users without any further checks.

Example /etc/exim.variables.conf.custom:

Code:

AUTH_BLOCK_SENDER_SPOOFING = ${if exists{/etc/virtual/${domain:$sender_address}/spoofing_allowed}{${if !eq{${lookup{$authenticated_id:$sender_address}lsearch{/etc/virtual/${domain:$sender_address}/spoofing_allowed}}}{}}}{yes}}

AUTH_BLOCK_SENDER_SPOOFING granular config-support

shanti

Verified User

Richard G

Verified User

Version 1.680 | Directadmin Docs

Invader Zim

Verified User

Richard G

Verified User

Invader Zim

Verified User

fln

Administrator