sendercheck for exim-4
This is a hack for the Exim MTA, version 4.
www.exim.org
When a user sends mail using SMTP, you either have to be an open relay (which is absolutely not OK), control access by sender IP address, or require the user to authenticate before he can relay.
That's fine, but do you want your users to be able to choose their sender address freely?
What you can try is my Exim patch, which provides a new ACL option called
sendercheck
If a user has authenticated, sendercheck checks whether the sender address the user has sent is correct.
How is that checked?
sendercheck takes the sender address and checks whether the user would get emails sent to that address. That's all.
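The check described above, modelled as an added example (this is not code from the patch or from Exim). The domain, mailboxes and alias table are constructed sample data, and the names recipients_of and sendercheck are hypothetical. The model also shows that every member of a shared alias may send as that alias, and that an address forwarded off-site passes for nobody.

```python
# Added illustration: a toy model of the sendercheck idea, not the patch itself.
# LOCAL_DOMAIN, MAILBOXES and ALIASES are constructed sample data.
LOCAL_DOMAIN = "example.org"
MAILBOXES = {"alice", "bob", "carol"}          # local accounts (= SMTP AUTH ids)
ALIASES = {                                     # alias -> targets, as in an alias file
    "sales": ["alice", "bob"],
    "postmaster": ["admins"],
    "admins": ["carol", "postmaster"],          # deliberate loop
    "press": ["pr@elsewhere.example"],          # forwarded off-site
}


def recipients_of(address):
    """Return the set of local mailboxes that mail to `address` ends up in."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain != LOCAL_DOMAIN or not local:
        return set()                            # not ours: nobody here receives it
    found, seen, todo = set(), set(), [local]
    while todo:
        name = todo.pop()
        if name in seen:                        # alias loop protection
            continue
        seen.add(name)
        if name in ALIASES:
            for target in ALIASES[name]:
                t_local, at, t_domain = target.lower().rpartition("@")
                if not at:
                    todo.append(target.lower())     # unqualified: local name
                elif t_domain == LOCAL_DOMAIN:
                    todo.append(t_local)
                # targets in other domains leave the system and are ignored
        elif name in MAILBOXES:
            found.add(name)
    return found


def sendercheck(authenticated_id, sender_address):
    """True if the authenticated user would receive mail sent to the sender address."""
    return authenticated_id.lower() in recipients_of(sender_address)


if __name__ == "__main__":
    for user, sender in [("alice", "alice@example.org"), ("bob", "sales@example.org"),
                         ("carol", "sales@example.org"), ("alice", "ceo@other.example")]:
        print(user, sender, "accept" if sendercheck(user, sender) else "deny")
```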
Usage:
First of all, you need to enable authentication. PAM authentication has to be enabled as well, or SASL or something similar.
With pam your authenticators could look like:
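begin authenticators

# PLAIN: $2 is the user name, $3 the password
fixed_plain:
  driver = plaintext
  public_name = PLAIN
  # ${sg{$3}{:}{::}} doubles any colon in the password, because the pam
  # condition takes a colon-separated list
  server_condition = \
    ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
  server_set_id = $2

# LOGIN: $1 is the user name, $2 the password
fixed_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = \
    ${if pam{$1:${sg{$2}{:}{::}}}{yes}{no}}
  server_set_id = $1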
Then you need to advertise the authenticator(s):
auth_advertise_hosts = *
Or advertise them only if the user uses SSL encryption (my preferred config, but then you need to configure SSL/TLS first):
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
Then you can put something like this in your ACL (usually the acl_smtp_rcpt ACL):
deny message = "Do not fake your sender address. Change it or authenticate as another user"
     authenticated = *
     !sendercheck
I will not explain Exim ACLs here; you have to be familiar with them.
Download:
Patch for exim-4.33:
exim-4.33-sendercheck.diff
Also works with exim-3.34.