In sendmail, most of the operations are done on the envelope addresses and not the mail body addresses. So even for authentication, sendmail can verify whether the authentication username is the same as that of the envelope from address, but it is quite hard to check whether the authentication username is the same as the mail body from address.
Sendmail only works with envelopes. It does not try to modify the mail body. (With the exception of rewriting mail body to/from addresses for masquerading.)
So if you are trying to establish whether the mail has originated from a user whose name appears in the from address, you should resort to things like digital signatures, PGP, etc.
Amitay.
On Thu, 2004-02-26 at 17:59, Paresh N Patel wrote:
Hi All:
I am working on securing a sendmail server and facing a problem. Below are more details about my server setup and configuration.
I am using Red Hat Linux distro with sendmail version 8.12.10.
On the sendmail server, I had turned on the LOGIN and PLAIN authentication mechanisms, so that people who are using Outlook Express or Mozilla are able to authenticate successfully and send mail using my sendmail SMTP.
I am having no problem at all with sendmail; everything is working fine. My users are able to successfully authenticate and send and receive mail using my SMTP / POP3.
Now, I have two users named Jack and Jill.
Jack has configured his Outlook Express with his profile and email ID as jack@mydomain.com. While specifying the SMTP server he has selected the option "My Server requires Authentication".
Now he creates a mail and tries to send it. He is prompted to specify user id and password for authenticating at my SMTP server. He puts his userid - jack and his password - ****. And mail is successfully delivered.
The restriction I want to put in sendmail is as below.
Jack creates another mail and tries to send it. Again he is prompted to specify user id and password for authenticating at my SMTP server. Now this time he puts Jill's userid and Jill's password - ****. The SMTP server authenticates and accepts mail delivery.
I don't want to allow the jack@mydomain.com user to use the authentication credentials of any other user and be able to deliver mail. I must check that if the username which is being authenticated is jack, then the email address must contain jack's (i.e. jack@mydomain.com). Else don't accept mail delivery.
When I opened sendmail.cf I found something like this, but failed to manage what I want to do.
######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
### $1: AUTH= parameter from MAIL command
######################################################################

SLocal_trust_auth
Strust_auth
R$*			$: $&{auth_type} $| $1
# required by RFC 2554 section 4.
R$@ $| $*		$#error $@ 5.7.1 $: "550 not authenticated"
R$* $| $&{auth_authen}		$@ identical
R$* $| <$&{auth_authen}>	$@ identical
R$* $| $*		$: $1 $| $>"Local_trust_auth" $2
R$* $| $#$*		$#$2
R$*			$#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author}
#############
Can anyone give me a hint, as I don't know how to play with sendmail rule sets?
Regards,
Paresh
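Added illustration, not part of the thread and not sendmail code: the two comparisons discussed above (authenticated user against the envelope sender, and against the From: header that is only visible after DATA), written as a Python policy function. The function names, the single-domain assumption and the sample messages are constructed for this example; the domain is the one used in the question.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "mydomain.com"  # assumption: one local domain, as in the question

def _owned_by(addr, auth_user):
    """True if addr is auth_user@LOCAL_DOMAIN, compared case-insensitively."""
    local, _, domain = addr.rpartition("@")
    return local.lower() == auth_user.lower() and domain.lower() == LOCAL_DOMAIN

def check_submission(auth_user, mail_from, raw_message):
    """Return the list of policy violations for one authenticated submission.

    auth_user   -- identity proven by SMTP AUTH (sendmail's ${auth_authen})
    mail_from   -- argument of the SMTP MAIL FROM command (envelope sender)
    raw_message -- the DATA payload: headers, blank line, body
    """
    problems = []
    envelope = parseaddr(mail_from)[1]          # strips the <...> wrapper
    if not envelope:
        problems.append("envelope: null or unparsable sender")
    elif not _owned_by(envelope, auth_user):
        problems.append(f"envelope: {envelope} not owned by {auth_user}")

    # The header From: is independent of the envelope and can name anyone.
    msg = message_from_string(raw_message)
    authors = [a for _, a in getaddresses(msg.get_all("From", []))]
    if len(authors) != 1:
        problems.append(f"header: expected one From address, got {len(authors)}")
    for addr in authors:
        if not _owned_by(addr, auth_user):
            problems.append(f"header: {addr} not owned by {auth_user}")
    return problems

# Constructed sample messages (not taken from any real mail).
MSG_JACK = "From: Jack <jack@mydomain.com>\nTo: a@example.org\nSubject: hi\n\nbody\n"
MSG_FORGED = "From: Jill <jill@mydomain.com>\nTo: a@example.org\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    # Jack's client, Jack's credentials: accepted.
    print(check_submission("jack", "<jack@mydomain.com>", MSG_JACK))
    # Jack's client, Jill's credentials: the envelope check already fails.
    print(check_submission("jill", "<jack@mydomain.com>", MSG_JACK))
    # Matching envelope, different header From: only the header check fails.
    print(check_submission("jack", "<jack@mydomain.com>", MSG_FORGED))
```

The third case is the one an envelope-only comparison cannot see, which is why the reply points to signatures for proving who wrote the message.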