
Getting rid of forged mails using e-mail authentication (solution with acl)

Discussion in 'E-mail Discussions' started by Un Area, Nov 21, 2012.

  1. Un Area

    I'm having the problem that some users set weak passwords on their email accounts that can be easily hacked using a dictionary attack.
    Then the spammer sends something like spammail@hotmail.com using the authenticated id login of the hacked account, e.g. mail@domain.com, and the email passes through without a problem.

    So I want to check that the FROM: matches the Authenticated_id of the sender; for example, if spammail@hotmail.com doesn't match mail@domain.com, the mail is refused; if mail@domain.com equals mail@domain.com -> pass ok.

    I searched on Google and found this rule, but when I add it to Exim it doesn't work; email goes through anyway using a forged email address. I don't know if this is the complete rule or if it's missing a $h_from: parameter or something.

    Has anyone tried this before, and what is missing here?

    deny
    authenticated = *
    !condition = ${if eq{$sender_address}{$authenticated_id}{no}{yes}}
    message = The sender name must be the same as the login id

    Thanks!!
     
    #1 Un Area, Nov 21, 2012
    Last edited: Nov 21, 2012
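
The check described in the post above, as an added example that is not part of the original post or of any shipped configuration: the posted rule with its logic annotated, followed by one rule for the envelope sender and one for the From: header. It assumes `$authenticated_id` holds the full mailbox address, as in the post's mail@domain.com example; the second message string is constructed for the example.

```exim
# As posted: eq{..}{..}{no}{yes} yields "yes" when the two values DIFFER, and
# the leading "!" then inverts that, so this deny only fires when they MATCH.
# A forged sender therefore never triggers it. It also tests the envelope
# sender ($sender_address), not the From: header the recipient sees.
#
#   deny
#     authenticated = *
#     !condition = ${if eq{$sender_address}{$authenticated_id}{no}{yes}}

# Envelope check, for the ACL named by acl_smtp_mail or acl_smtp_rcpt:
# refuse when an authenticated client uses a MAIL FROM other than its login.
# eqi compares case-insensitively; with no {yes}{no} strings the expansion
# is "true" or empty, which is what the condition line expects.
deny
  authenticated = *
  condition     = ${if !eqi{$sender_address}{$authenticated_id}}
  message       = The sender name must be the same as the login id

# Header check, for the ACL named by acl_smtp_data: $h_from: is only set once
# the headers have arrived, so this cannot go in a MAIL or RCPT ACL.
# ${address:...} strips the display name and expands to an empty string when
# the header does not parse, which also fails the comparison.
deny
  authenticated = *
  condition     = ${if !eqi{${address:$h_from:}}{$authenticated_id}}
  message       = The From: address must be the same as the login id
```

Logins whose `$authenticated_id` is not an e-mail address (an assumption to verify on the server, for example in the Exim main log) would need their own accept rule ahead of these, or they will be refused as well.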