LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-29-2004, 01:42 AM   #1
rrigo
LQ Newbie
 
Registered: Oct 2002
Distribution: debian
Posts: 4

Rep: Reputation: 0
Restricting email


I need to restrict some users from sending email with someone's else username. For example, bob would send email with john@example.com email address. How can I restrict him to send email only from bob@example.com? Thanks
 
Old 09-30-2004, 01:55 AM   #2
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
ahh well maybe you need to describe the problem in a bit more detail.

is bob using john's MUA to send his mail?
is bob simply re-writing the header in his email (by for example typing john's email address into his MUA)?

i guess a blanket answer may be that if you limit bob to sending his email to say a web based front end then (assuming he doesn't know john's password) he would have to use the setting built into that and would not be able to mangle the header. having said that he could simply telnet to your SMTP server and type the mail in by hand and therefore use whatever name he felt like.

the other thing that may be an option is for you to re-write the FROM: based on the HELO. this would only work if bob sends all his mail from the same pc so you could be sure it was him sending the mail.

this may not be what you are asking to solve however so let me know if i am on the right track
 
Old 10-02-2004, 07:04 PM   #3
rrigo
LQ Newbie
 
Registered: Oct 2002
Distribution: debian
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by Sutekh
ahh well maybe you need to describe the problem in a bit more detail.

is bob using john's MUA to send his mail?
is bob simply re-writing the header in his email (by for example typing john's email address into his MUA)?

i guess a blanket answer may be that if you limit bob to sending his email to say a web based front end then (assuming he doesn't know john's password) he would have to use the setting built into that and would not be able to mangle the header. having said that he could simply telnet to your SMTP server and type the mail in by hand and therefore use whatever name he felt like.

the other thing that may be an option is for you to re-write the FROM: based on the HELO. this would only work if bob sends all his mail from the same pc so you could be sure it was him sending the mail.

this may not be what you are asking to solve however so let me know if i am on the right track

Thanks for your reply. This is my problem. I have several persons with accounts in my server. They have 2 ways of sending email. One is using ssh and then mutt, mail, etc. and the second way of doing so is to send it thru a web front end (squirrel mail). Now, everything was good until someone noticed that they can send email using someones else name and that they could change the email address so that it seemed that it was sent by someone else that has an account in my server. Some of this persons have also aliases so that they have more than 1 email address. For example I have my personal email address and then I create aliases for email addresses that I'm going to put in a form. So my question was: what is the best way to restrict mail so that users can only send email using their email address and the ones that they have aliases.



Thanks
Rigo
 
Old 10-02-2004, 08:34 PM   #4
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Quote:
Originally posted by rrigo
Thanks for your reply. This is my problem. I have several persons with accounts in my server. They have 2 ways of sending email. One is using ssh and then mutt, mail, etc. and the second way of doing so is to send it thru a web front end (squirrel mail). Now, everything was good until someone noticed that they can send email using someones else name and that they could change the email address so that it seemed that it was sent by someone else that has an account in my server.
ok well as I said above, the FROM field in the mail header (the one that holds the email address that the mail came from contains the email address that is entered into your email program. This can be changed to anything. I guess you could check the mail that was to be sent and double check that it is coming from a valid address (that is if someone tries to send a message from bill and there is no bill on your server then throw it away, but this does not fix your original problem.

If the users on your system only use there own pc's to send mail then you could probably chec the FROM against the ip address they send from - have a look at the received field in your mail headers.

using the squirell mail should make it easier, you need a user name and password to log in and the users shouldn't be able to access someones account and therefore only be able to send mail from thmeselves.
 
Old 10-03-2004, 12:48 AM   #5
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
I'm sure there is a way to test the envelope sender address against something like a user/password credential database, but I have never implemented this type of checking using either sendmail or postfix.

But hey, I do have a short term solution to your problem - DELETE THE PROBLEM USERS ACCOUNTS FROM YOUR SYSTEM. Sorry, I couldn't resist. Guess I spend way to much time fighting inbound SPAM and the thought of fighting outbound forged e-mail addresses (SPAM) makes me cranky.

BTW: If you do find a viable solution, I would be interested. In fact, if I can find a few hours, I might take a look at a postfix solution.

Good luck.
 
Old 10-03-2004, 02:30 AM   #6
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Quote:
Originally posted by scowles
I'm sure there is a way to test the envelope sender address against something like a user/password credential database, but I have never implemented this type of checking using either sendmail or postfix.
yeah your right I guess you could put password protection on the SMTP server and then re-write the headers if they don't match the supplied username. I am a qmail guy, just starting to play with postfix at home at the memonet, but superficially it looks like an easier task with postfix.
I am going to setup smtp auth now and have a play with the headers at the same time
Quote:
But hey, I do have a short term solution to your problem - DELETE THE PROBLEM USERS ACCOUNTS FROM YOUR SYSTEM. Sorry, I couldn't resist. Guess I spend way to much time fighting inbound SPAM and the thought of fighting outbound forged e-mail addresses (SPAM) makes me cranky.

BTW: If you do find a viable solution, I would be interested. In fact, if I can find a few hours, I might take a look at a postfix solution.
lol, yup no problem users may = no problems :-)
 
Old 10-03-2004, 07:03 PM   #7
rrigo
LQ Newbie
 
Registered: Oct 2002
Distribution: debian
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by scowles
I'm sure there is a way to test the envelope sender address against something like a user/password credential database, but I have never implemented this type of checking using either sendmail or postfix.

But hey, I do have a short term solution to your problem - DELETE THE PROBLEM USERS ACCOUNTS FROM YOUR SYSTEM. Sorry, I couldn't resist. Guess I spend way to much time fighting inbound SPAM and the thought of fighting outbound forged e-mail addresses (SPAM) makes me cranky.

BTW: If you do find a viable solution, I would be interested. In fact, if I can find a few hours, I might take a look at a postfix solution.

Good luck.
Right now I have sendmail and to be honest I hate it's configuration files. So when I move to postfix, I'll try that authentication scheme. And yes, I did delete the problem user accounts. I actually don't have the problem now, but I wanted to know if there was a solution and how to implemente it..

The forged e-mail was not really SPAM, they were only making jokes between each other. I didn't notice until they tried to make me a joke.

Thanks,
Rigo

PS. thanks Sutekh
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restricting IP sixth_sense Linux - Networking 1 04-27-2005 09:13 AM
Restricting su to certain users roadin SUSE / openSUSE 4 03-15-2005 01:17 PM
restricting an email account to receive mails from local users only dm0nkz Linux - Security 2 09-03-2004 03:08 AM
restricting ssh macie Linux - Networking 1 12-10-2003 12:34 AM
Restricting frequency of email checking with ipop3 Synapse-lk Linux - Software 2 10-03-2003 12:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration