On Sun, 30 Sep 2001, Franky Van Liedekerke wrote: > On Sun, 30 Sep 2001 20:11:07 +0200 > Clemens Hermann <[EMAIL PROTECTED]> wrote: > > > > Thanks a lot for your offer but perhaps I should setup a > > test-environment to supply more detailled questions. > > The problem I see is as follows: After someone has successfully > > authenticated via smtp-auth he can send whatever he wants and you can > > not use the from: header to relate a sent mail to a virtual domain. > > > > That's not limited to smtp-auth. Everybody can give any "from"-domain they want when >they are allowed to relay. smtp-auth is only used to obtain the "relay allowed" >state. The only safe method is always using the IP. > The patch I submitted a while back does limit authenticated users to their aliases as far as the envelope sender goes. It does require some work with the ldap database, such as adding a domain objectclass for domain-specific basedns. The patch is in Hennings patch directory under "foreign" (life with qmail-ldap will lead you to that directory). It does some other things that you may or may not like as well. Read the README carefully.
Lynn
