Block e-mail forging

[Silent Ninja]

I'm searching for a way to avoid exim sending e-mails as domains not hosted by me.

As an example...

1. An user using email@localdomain.com logs in via SMTP
2. He should be able to send e-mails as email@localdomain.com, since that domain is on /etc/localdomains
3. But he sends an e-mail editting the "from" address impersonating another.mail@yahoo.com
4. yahoo.com obviously is not on /etc/localdomains, and thus I want that e-mail to be blocked

Is there any way to do this with exim e-mail filtering ?

This would really block a lot of outgoing spam, mostly phishing from hacked accounts.

[cPanelTristan]

I believe the following should prevent spoofing in webmail. I am uncertain if this would work for emails sent by a remote client:

Code:

acl_check_data:
deny
 authenticated	 = *
 condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
  { !eqi{$authenticated_id} {${address:$header_From:}} }\
 }\
 }
 message	 = Your FROM must be as the account you have authenticated with

This would go into the box where it has begin acl directly about it (the second box in the WHM > Exim Configuration Editor > Advanced Editor). If you want to prevent not authenticating for scripts and force SMTP authentication for those scripts, you would need to revoke sendmail.

[Silent Ninja]

Damn, I forgot about the php-mailer...

Could you do that avoiding the user "nobody"? (I'm using mod_php)

[cPanelTristan]

If the user nobody cannot send, then that is true you won't be able to use sendmail for scripts if you disable nobody from sending under mod_php (DSO).