Getting rid of forged mails usign e-mail authentication (solution with acl)

Un Area

Well-Known Member
Nov 16, 2006
Im having the problem that some users set weak passwords in their email account that can be easily hacked using dictionary attack.
Then the spammer sends something like [email protected] using the authenticated id login of the hacked account ex. [email protected], and the email pass through without a problem.

So I want to compare that the FROM: matchs the Authenticated_id of the sender, for example if [email protected] dont match with [email protected] (the mail is refused) if [email protected] equals [email protected] -> pass ok.

I searched over google and I found this rule, but when I set it to exim doesnt works, email goes through anyways using a forged email address. I dont know if this is the complete rule or its missing a $h_from: parameter or something.

Have anywone tryed this before and what is missing here???

authenticated = *
!condition = ${if eq{$sender_address}{$authenticated_id}{no}{yes}}
message = The sender name must be the same as the login id

Last edited: