Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
09-29-2004, 01:42 AM
|
#1
|
LQ Newbie
Registered: Oct 2002
Distribution: debian
Posts: 4
Rep:
|
Restricting email
I need to restrict some users from sending email with someone's else username. For example, bob would send email with john@example.com email address. How can I restrict him to send email only from bob@example.com? Thanks
|
|
|
09-30-2004, 01:55 AM
|
#2
|
Member
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273
Rep:
|
ahh well maybe you need to describe the problem in a bit more detail.
is bob using john's MUA to send his mail?
is bob simply re-writing the header in his email (by for example typing john's email address into his MUA)?
i guess a blanket answer may be that if you limit bob to sending his email to say a web based front end then (assuming he doesn't know john's password) he would have to use the setting built into that and would not be able to mangle the header. having said that he could simply telnet to your SMTP server and type the mail in by hand and therefore use whatever name he felt like.
the other thing that may be an option is for you to re-write the FROM: based on the HELO. this would only work if bob sends all his mail from the same pc so you could be sure it was him sending the mail.
this may not be what you are asking to solve however so let me know if i am on the right track
|
|
|
10-02-2004, 07:04 PM
|
#3
|
LQ Newbie
Registered: Oct 2002
Distribution: debian
Posts: 4
Original Poster
Rep:
|
Quote:
Originally posted by Sutekh
ahh well maybe you need to describe the problem in a bit more detail.
is bob using john's MUA to send his mail?
is bob simply re-writing the header in his email (by for example typing john's email address into his MUA)?
i guess a blanket answer may be that if you limit bob to sending his email to say a web based front end then (assuming he doesn't know john's password) he would have to use the setting built into that and would not be able to mangle the header. having said that he could simply telnet to your SMTP server and type the mail in by hand and therefore use whatever name he felt like.
the other thing that may be an option is for you to re-write the FROM: based on the HELO. this would only work if bob sends all his mail from the same pc so you could be sure it was him sending the mail.
this may not be what you are asking to solve however so let me know if i am on the right track
|
Thanks for your reply. This is my problem. I have several persons with accounts in my server. They have 2 ways of sending email. One is using ssh and then mutt, mail, etc. and the second way of doing so is to send it thru a web front end (squirrel mail). Now, everything was good until someone noticed that they can send email using someones else name and that they could change the email address so that it seemed that it was sent by someone else that has an account in my server. Some of this persons have also aliases so that they have more than 1 email address. For example I have my personal email address and then I create aliases for email addresses that I'm going to put in a form. So my question was: what is the best way to restrict mail so that users can only send email using their email address and the ones that they have aliases.
Thanks
Rigo
|
|
|
10-02-2004, 08:34 PM
|
#4
|
Member
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273
Rep:
|
Quote:
Originally posted by rrigo
Thanks for your reply. This is my problem. I have several persons with accounts in my server. They have 2 ways of sending email. One is using ssh and then mutt, mail, etc. and the second way of doing so is to send it thru a web front end (squirrel mail). Now, everything was good until someone noticed that they can send email using someones else name and that they could change the email address so that it seemed that it was sent by someone else that has an account in my server.
|
ok well as I said above, the FROM field in the mail header (the one that holds the email address that the mail came from contains the email address that is entered into your email program. This can be changed to anything. I guess you could check the mail that was to be sent and double check that it is coming from a valid address (that is if someone tries to send a message from bill and there is no bill on your server then throw it away, but this does not fix your original problem.
If the users on your system only use there own pc's to send mail then you could probably chec the FROM against the ip address they send from - have a look at the received field in your mail headers.
using the squirell mail should make it easier, you need a user name and password to log in and the users shouldn't be able to access someones account and therefore only be able to send mail from thmeselves.
|
|
|
10-03-2004, 12:48 AM
|
#5
|
Member
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620
Rep:
|
I'm sure there is a way to test the envelope sender address against something like a user/password credential database, but I have never implemented this type of checking using either sendmail or postfix.
But hey, I do have a short term solution to your problem - DELETE THE PROBLEM USERS ACCOUNTS FROM YOUR SYSTEM. Sorry, I couldn't resist.  Guess I spend way to much time fighting inbound SPAM and the thought of fighting outbound forged e-mail addresses (SPAM) makes me cranky.
BTW: If you do find a viable solution, I would be interested. In fact, if I can find a few hours, I might take a look at a postfix solution.
Good luck.
|
|
|
10-03-2004, 02:30 AM
|
#6
|
Member
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273
Rep:
|
Quote:
Originally posted by scowles
I'm sure there is a way to test the envelope sender address against something like a user/password credential database, but I have never implemented this type of checking using either sendmail or postfix.
|
yeah your right I guess you could put password protection on the SMTP server and then re-write the headers if they don't match the supplied username. I am a qmail guy, just starting to play with postfix at home at the memonet, but superficially it looks like an easier task with postfix.
I am going to setup smtp auth now and have a play with the headers at the same time
Quote:
But hey, I do have a short term solution to your problem - DELETE THE PROBLEM USERS ACCOUNTS FROM YOUR SYSTEM. Sorry, I couldn't resist. Guess I spend way to much time fighting inbound SPAM and the thought of fighting outbound forged e-mail addresses (SPAM) makes me cranky.
BTW: If you do find a viable solution, I would be interested. In fact, if I can find a few hours, I might take a look at a postfix solution.
|
lol, yup no problem users may = no problems :-)
|
|
|
10-03-2004, 07:03 PM
|
#7
|
LQ Newbie
Registered: Oct 2002
Distribution: debian
Posts: 4
Original Poster
Rep:
|
Quote:
Originally posted by scowles
I'm sure there is a way to test the envelope sender address against something like a user/password credential database, but I have never implemented this type of checking using either sendmail or postfix.
But hey, I do have a short term solution to your problem - DELETE THE PROBLEM USERS ACCOUNTS FROM YOUR SYSTEM. Sorry, I couldn't resist. Guess I spend way to much time fighting inbound SPAM and the thought of fighting outbound forged e-mail addresses (SPAM) makes me cranky.
BTW: If you do find a viable solution, I would be interested. In fact, if I can find a few hours, I might take a look at a postfix solution.
Good luck.
|
Right now I have sendmail and to be honest I hate it's configuration files. So when I move to postfix, I'll try that authentication scheme. And yes, I did delete the problem user accounts.  I actually don't have the problem now, but I wanted to know if there was a solution and how to implemente it..
The forged e-mail was not really SPAM, they were only making jokes between each other. I didn't notice until they tried to make me a joke.
Thanks,
Rigo
PS. thanks Sutekh
|
|
|
All times are GMT -5. The time now is 12:26 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|