tlyons at ivenue
Sep 24, 2009, 7:49 AM
Post #4 of 6
(950 views)
Permalink
|
On Wed, Sep 23, 2009 at 11:01 PM, janek <janek.fc5 [at] gmail> wrote:
> Some more info how to do it please - I'm really not good at configuring
> exim.
He just told you not to do it. That's why he didn't say how to :-)
> Reason for rewriting From: header inside email with MAIL FROM: is anti mail
> sender spoof. MAIL FROM: gets verified in smtp session, from: header does
> not. Gmail does such rewriting. Other servers do not and you can send email
> using their service while signing as any sender. I realize that such rewrite
> is not with accordance with rfc-s but many things can't be those time when
> fighting abusers.
When you get this email from me through the mailing list, would you
rather it said from Todd Lyons <my_email_address> or would you rather
it said From exim-users [at] exim If you do your from rewriting the
way you are requesting, you will never know my email address to mail
me directly because you will overwrite it with the mailing list
address.
IMHO, you should not do this. Instead it is common to add headers
that detail that information (the Sender: header for example). You'll
also see things such as X-Authenticated-User or X-Authenticated-Sender
in the event of a user who uses SMTP Auth to send the email. Store
the HELO user in the email with add_header instead of rewriting the
From: header.
However, if you choose to still do From header rewriting, you want to
only do it in very specific situations. And he mentioned that you'll
want to do that using headers_add and headers_remove in the transport
or transports that your mail flows through.
--
Regards... Todd
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
|
signature.asc
