Getting rid of forged mails using e-mail authentication (solution with acl)

Un Area

Well-Known Member
Nov 16, 2006
I'm having the problem that some users set weak passwords on their email accounts that can be easily hacked using a dictionary attack.
Then the spammer sends something like [email protected] using the authenticated id login of the hacked account, e.g. [email protected], and the email passes through without a problem.

So I want to check that the FROM: matches the Authenticated_id of the sender; for example, if [email protected] doesn't match [email protected], the mail is refused; if [email protected] equals [email protected] -> pass ok.

I searched on Google and found this rule, but when I set it in Exim it doesn't work; email goes through anyway using a forged email address. I don't know if this is the complete rule or if it's missing a $h_from: parameter or something.

Has anyone tried this before, and what is missing here?

deny
  authenticated = *
  !condition = ${if eq{$sender_address}{$authenticated_id}{no}{yes}}
  message = The sender name must be the same as the login id

Thanks!!
 
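Added example, not part of the original post: the rule above negates twice (`!condition` plus the swapped `{no}{yes}` results), so it denies when the two values match and accepts when they differ, and `$sender_address` is the envelope sender, not the From: header. The fragment below shows both checks with a single negation; it assumes the SMTP login id is the full mailbox address, and the ACL placement comments refer to whichever ACLs your configuration names in `acl_smtp_mail` and `acl_smtp_data`.

```exim
# Added example, not the poster's or cPanel's own configuration.
# Assumption: $authenticated_id holds the full mailbox address
# (for example user@example.com, a constructed placeholder).

# 1) Envelope sender check.
#    Place in the ACL named by acl_smtp_mail, where MAIL FROM is known.
deny
  authenticated = *
  # True (and therefore deny) only when the two values differ.
  # eqi compares case-insensitively.
  condition     = ${if !eqi{$sender_address}{$authenticated_id}}
  message       = The sender name must be the same as the login id

# 2) From: header check.
#    Place in the ACL named by acl_smtp_data; headers do not exist
#    until the message body has been received.
deny
  authenticated = *
  # ${address:...} strips the display name and angle brackets,
  # leaving only the address part of the From: header.
  condition     = ${if !eqi{${address:$h_from:}}{$authenticated_id}}
  message       = The From: header must be the same as the login id
```

Both statements only apply to authenticated sessions, so unauthenticated inbound mail is left to the rest of the ACL.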