Mailing List CGatePro@mail.stalker.com Message #103357
From: Mark J Strawcutter <mjstraw@iup.edu>
Subject: Re: Authentication and envelope from
Date: Mon, 02 Jul 2012 09:03:09 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
I think it fails even if return-path is local, but different than the account used to authenticate.

Mark

On 7/1/2012 10:59 PM, Nicolas Hatier wrote:
Mark is right, I just tested it. Apparently CGP drops the
"authenticated" flag when the Return-Path is not local, but still allow
relaying.

In that case, the rule could possibly be based on the Received: headers,
which contains the account used for authentication.

Header Field in Received: *account *@yourdomain1.example.com*,Received:
*account *@yourdomain2.example.com*,...
Return-Path not in yourdomain1.example.com,yourdomain2.example.com,...
Action:
Reject with: I'm sorry, Dave. I'm afraid I can't do that

The best would probably to write an external helper that would extract
the account info from the first Received header, and match it against
the Return-Path, and reject if they don't match and the account is
local. I can help if you need such as script.

Regards,
Nicolas Hatier

On 2012-06-27 20:58, Mark J Strawcutter wrote:
I mean the rule condition will fail

Mark

On 6/27/2012 12:21 PM, Nicolas Hatier wrote:
No, it doesn't fail, as the SMTP auth process is independent from the
MAIL FROM.

NH

On 2012-06-27 08:58, Mark J Strawcutter wrote:
I'm pretty sure that when return-path (mail from) is different than
the account used to authenticate, then "source authenticated" fails
(is false)

Mark

On 6/26/2012 11:20 PM, Nicolas Hatier wrote:

You could possibly use a rule with conditions such as:

Source in trusted,authenticated
Return-Path not in yourdomain1.example.com,yourdomain2.example.com,...
Action:
Reject with: I'm sorry, Dave. I'm afraid I can't do that

- If you only have one domain, make sure the second condition's
operator
is "is not" instead of "not in".
- I didn't test the rule. It may have side-effects I didn't think
about.

Regards,
Nicolas Hatier


On 2012-06-26 11:11, Rafael Ortega wrote:
Hello, all

Is there a way to prevent a user from authenticating and then sending
email with another "mail from:"?

Sometimes when an account is compromised the attacker connect with a
user account and then sends email using a false envelope from (not an
issue with the web interface but in smtp is possible).


Thanks


#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to
<CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>

#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to
<CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>



#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>

#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>



#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster