Exim spoofing feature acl_check_data doesn't work

osiem

Registered
Sep 14, 2013
cPanel Access Level
Root Administrator
Hello, I am following this post http://forums.cpanel.net/f43/block-e-mail-forging-232571.html#post957772 to prevent spoofing e-mail from webmail (e.g. Roundcube). I've pasted this into the BEGINACL box:

Code:
acl_check_data:
  deny
    authenticated = *
    condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
                         { !eqi{$authenticated_id} {${address:$header_From:}} }\
                        }\
                 }
    message = Spoof!
But this feature doesn't work. The sender domain is @example.com, and when I used a custom FROM e-mail @fbi.gov in Roundcube, the e-mail was delivered successfully :(

How can I repair this? I'm using the latest WHM & cPanel.
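
Added example (not part of the original posts, and not cPanel or Exim code): a small Python model of the deny rule quoted above, showing which combinations of authenticated ID, envelope sender and From: header it rejects and which it never evaluates. The function names and sample messages are constructed for illustration, and only a single-address From: header is modelled.

```python
from email.utils import parseaddr
from typing import Optional


def rule_denies(authenticated_id: Optional[str],
                sender_address: str,
                from_header: str) -> bool:
    """Return True when the quoted 'deny' statement would reject the message.

    authenticated_id is None for a connection that did not authenticate.
    In that case 'authenticated = *' is false, so the deny statement is
    skipped and processing continues with the next ACL statement.
    """
    if authenticated_id is None:
        return False
    # ${address:$header_From:} extracts the bare address from the header;
    # parseaddr does the same for a single-address From: header.
    from_addr = parseaddr(from_header)[1]
    auth = authenticated_id.lower()  # eqi{..}{..} compares case-insensitively
    return auth != sender_address.lower() or auth != from_addr.lower()


# Constructed sample messages: (label, authenticated_id, envelope sender, From:)
SAMPLES = [
    ("matching identity", "user@example.com", "user@example.com",
     "User <user@example.com>"),
    ("forged From: header", "user@example.com", "user@example.com",
     "Agent <agent@fbi.gov>"),
    ("forged envelope sender", "user@example.com", "agent@fbi.gov",
     "User <user@example.com>"),
    ("case differs only", "User@Example.com", "user@example.com",
     "user@EXAMPLE.com"),
    ("unauthenticated submission", None, "user@example.com",
     "Agent <agent@fbi.gov>"),
    # Assumption: a login name without a domain part, for illustration.
    ("login without domain", "user", "user@example.com",
     "User <user@example.com>"),
]


def evaluate_samples():
    """Map each constructed sample label to the rule's decision."""
    return {label: rule_denies(a, s, f) for label, a, s, f in SAMPLES}


if __name__ == "__main__":
    for label, denied in evaluate_samples().items():
        print(f"{label:28s} -> {'deny (Spoof!)' if denied else 'not denied'}")
```
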
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

You can try enabling the following option under the "Mail" tab in "WHM Home » Service Configuration » Exim Configuration Manager":

"EXPERIMENTAL: Rewrite From: header to match actual sender"

If you enable this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.

Thank you.