Luana Premoli

Well-Known Member
Oct 3, 2016
68
7
8
São Paulo/Brazil
cPanel Access Level
Root Administrator
Hi,

I do not find the "acl_check_data" option Can you tell me the step by step how to configure this?

Code:
[email protected] [public_html]# grep '' /usr/local/cpanel/version && exim --version
11.76.0.20
Exim version 4.91 #1 built 11-May-2018 09:49:25
I wanted to know how to do WHM> Exim Configuration Editor> Advanced Editor and through the command line.

thanks

Block e-mail forging


I believe the following should prevent spoofing in webmail. I am uncertain if this would work for emails sent by a remote client:

Code:
acl_check_data:
deny
 authenticated     = *
 condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
  { !eqi{$authenticated_id} {${address:$header_From:}} }\
 }\
 }
 message     = Your FROM must be as the account you have authenticated with
This would go into the box where it has begin acl directly about it (the second box in the WHM > Exim Configuration Editor > Advanced Editor). If you want to prevent not authenticating for scripts and force SMTP authentication for those scripts, you would need to revoke sendmail.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,257
313
Houston
Hello @Luana Premoli


This is actually a pretty old post and the configurations within aren't necessarily relevant anymore. For what you're looking for you might want to look at the following we have available.

The first is in the exim configuration manager:

EXPERIMENTAL: Rewrite From: header to match actual sender
If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.
The second is at WHM>>Security Center>>SMTP Restrictions -> Enable