Prevent one local user from sending as another?
Bill Leonard
me how to do this a copy of the Lord Of The Rings DVD (widescreen!) :-)
Anyway, I am trying to figure out how to prevent a perfectly legit user on
my server, say, us...@domain.com from sending mail as us...@domain2.com. Both
domain1 and domain2 are local to my server. Both users have local mailboxes.
The problem is that If I am allowing them to send from their IP or host
name, they can send out mail as ANYONE on the server. Not good.
How can I address this? Authenticated POP login? Something else? I'm
guessing there's more than one way...
Any help would be great!
Thanks,
Bill
Claus Aßmann
> Anyway, I am trying to figure out how to prevent a perfectly legit user on
> my server, say, us...@domain.com from sending mail as us...@domain2.com. Both
> domain1 and domain2 are local to my server. Both users have local mailboxes.
> The problem is that If I am allowing them to send from their IP or host
> name, they can send out mail as ANYONE on the server. Not good.
> How can I address this? Authenticated POP login? Something else? I'm
> guessing there's more than one way...
Use SMTP AUTH (or STARTTLS).
However, that's not trivial.
1. You must enforce SMTP AUTH for local users.
That's not too hard, you can run an MSA for them that requires SMTP
AUTH. If you want this only for external mail, then just disallow
relaying by anything but authentication.
2. You must enforce that the envelope sender is the same as the
authenticated user.
This requires a little Local_check_mail ruleset that compares the
sender address with {auth_authen}.
For details, see doc/op/op.* and
http://www.sendmail.org/~ca/email/auth.html
--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
The FAQ: http://www.sendmail.org/faq/ Before you ask.