Exim restrict from address to login

ZzZzZ (New member; joined Jun 22, 2009; 4 messages)
I'm running several DirectAdmin boxes with Exim. To send e-mail by these servers, users need to authenticate.

So far so good...

Once authenticated, users can use every "from" e-mail address they like.
Is it possible to force the domain or complete e-mail address as used during authentication?

So if the login is something like: [email protected]
The from address needs to be: john @example.com or ***@example.com
 
I tried the following, it seems to work:

#1 disabled the popb4smtp feature
# accept  hosts = +relay_hosts

#2 changed of the all accept (if auth)
# accept  hosts = +auth_relay_hosts
accept  sender_domains = +local_domains
        endpass
        message = authentication required
        authenticated = *
deny    message = relay not permitted
(Made the same change to the port 587 part)

The only thing is that it always returns the "relay not permitted" error in the mail client.
Maybe someone can fix this minor issue?
 
I'm not sure why you're getting the message. What happens when you comment out the entire deny message line?

Lots of server admins (on other platforms as well) like this restriction but it's technically against RFCs and also causes inconvenience to lots of users who want to (for example) send email through their account but receive email through google or some other account.

This is the sort of limitation which should be enforced by email address domains using -all at the end of their SPF record, and recipient servers who want to assure this restriction is followed more strictly enforcing SPF restrictions. Which would of course break forwarding.

Email has been in a state of flux for a long time, and it doesn't look as if we're going to have all the answers anytime soon.

Jeff
 
@nobaloney

also causes inconvenience to lots of users who want to (for example) send email through their account but receive email through google or some other account.

That's a matter of TOS, I'd rather say. Those who do not want to leave relaying for authenticated users should not be forced to do it by RFCs, should they?!


@ZzZzZ

Try to remove
Code:
endpass

it's said here http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECID200:

If the failing condition is before endpass, control is passed to the next ACL statement
 
I don't write the RFCs; I just (occasionally) point them out.

Good catch on the endpass. I should have caught it but didn't. Many of us, including me, don't pay enough attention to where a new ACL starts.

Jeff
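
Added example, not part of the thread and not DirectAdmin's shipped exim.conf: one way to tie the envelope sender to the login asked about in the first post is a deny statement placed ahead of the accept for authenticated clients in the RCPT ACL. It assumes the authenticators set $authenticated_id (through server_set_id) to the full e-mail-style login; the message texts are illustrative.

```exim
# Place inside the RCPT ACL (the ACL named by acl_smtp_rcpt),
# ABOVE the statement that accepts authenticated clients.

# Domain-level restriction: a client logged in as user@example.com
# may only use an envelope sender in example.com.
# ${domain:...} extracts the domain part of the authenticated login;
# eqi compares case-insensitively.
# Note: an authenticated client sending with an empty envelope sender
# (<>) is also rejected by this rule, because the domains differ.
deny    message       = sender domain must match the authenticated login
        authenticated = *
        condition     = ${if !eqi{$sender_address_domain}{${domain:$authenticated_id}}}

# Stricter alternative: require the complete address to match the login.
# Enable this instead of the statement above if wanted.
# deny  message       = sender address must match the authenticated login
#       authenticated = *
#       condition     = ${if !eqi{$sender_address}{$authenticated_id}}

# Authenticated clients that passed the check above may relay.
accept  authenticated = *

# Everything else that reaches this point is refused.
deny    message       = relay not permitted
```

These statements check the envelope sender (MAIL FROM) only; the From: header of the message is not examined at RCPT time and would need a separate check in the DATA ACL.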
 