You replied to your own initial message, not to the message from
David F. Skoll. But I assume that the above is the result from this
code posted by David:
if (lc($sender) ne lc("<$auth_user>")) {
return('REJECT', "$auth_user not authorized to claim to be $sender");
}
This code compared "
us...@domain.com" (the sender address converted to
lower case) with "<
us...@domain.com>" (the authenticated user converted
to lower case and enclosed between "<" and ">"). Obviously those strings
are not equal.
The RFC's specify that the sender address given with the smtp
"MAIL FROM" command must be enclosed between "<" and ">". But sendmail
accepts addresses without the "<" and ">" and you seem to be testing
without those.
Replace the above code with:
unless ($sender =~ /^<?${auth_user}>?$/i) {
return('REJECT', "$auth_user not authorized to claim to be $sender");
}
to make the test independent of the the presence of those "<" and ">".
The goals you specified in your initial message can be achieved without
the MIMEDefang overhead with a few custom rules in the Local_check_mail
rule set. I'll be happy to work this out if you want. But since you
seem to be dealing with compromised accounts and you already installed
MIMEDefang I think you should continue with MIMEDefang and extend
the functionality. Please consider to add spam and virus checking
and warn the user and the system administrators when you block messages
because of invalid sender addresses. This is easy to implement once
MIMEDefang is working.
Regards,
Kees.
--
Kees Theunissen.