Silent Ninja

Well-Known Member
Apr 18, 2006
196
0
166
Buenos Aires, Argentina
I'm searching for a way to avoid exim sending e-mails as domains not hosted by me.

As an example...

1. An user using [email protected] logs in via SMTP
2. He should be able to send e-mails as [email protected], since that domain is on /etc/localdomains
3. But he sends an e-mail editting the "from" address impersonating [email protected]
4. yahoo.com obviously is not on /etc/localdomains, and thus I want that e-mail to be blocked

Is there any way to do this with exim e-mail filtering ?

This would really block a lot of outgoing spam, mostly phishing from hacked accounts.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
I believe the following should prevent spoofing in webmail. I am uncertain if this would work for emails sent by a remote client:

Code:
acl_check_data:
deny
 authenticated	 = *
 condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
  { !eqi{$authenticated_id} {${address:$header_From:}} }\
 }\
 }
 message	 = Your FROM must be as the account you have authenticated with
This would go into the box where it has begin acl directly about it (the second box in the WHM > Exim Configuration Editor > Advanced Editor). If you want to prevent not authenticating for scripts and force SMTP authentication for those scripts, you would need to revoke sendmail.
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
If the user nobody cannot send, then that is true you won't be able to use sendmail for scripts if you disable nobody from sending under mod_php (DSO).