Mailing List Archive

On Fri, 7 Jun 2002, Sebastian Sawicki wrote:

> headers_add = "X-Authenticated-Sender: ${authenticated_sender}\n \

s/sender/id/


btw, i'd scramble it if i were you. i'm doing it like:

${if def:authenticated_id { (authenticated sender:
${md5:${authenticated_id}${message_id}ASMTP_HEADER_SECRET})}}\

(line wrapped, it's one line really, and it's a received_headers_text
entry, so modify accordingly). ASMTP_HEADER_SECRET is a macro with
some random foobar in it.

that makes you find any sender easily (as the "key space" is finite
and unlikely to be very big, unless you have several trilliongazillion
users :), but makes for any outsider hard to attack on your usernames.




--
[-]

On Fri, 7 Jun 2002, Sebastian Sawicki wrote:

> headers_add = "X-Authenticated-Sender: ${authenticated_sender}\n \
> X-Authenticated-id: ${authenticated_id}"

oops, i think i spoke too soon :) didn't notice that second line,
sorry.

i do it (with headers_add, in the transport) as:

headers_add = "${if def:authenticated_id{X-Authenticated-Sender:
${md5:${authenticated_id}${message_id}ASMTP_HEADER_SECRET}}}"

(again, wrapped). works fine here... (well, worked, when this
particular box had auth turned on :).

--
[-]

On Fri, Jun 07, 2002 at 03:14:24PM +0200, Tamas TEVESZ wrote:
> On Fri, 7 Jun 2002, Sebastian Sawicki wrote:
>
> > headers_add = "X-Authenticated-Sender: ${authenticated_sender}\n \
> > X-Authenticated-id: ${authenticated_id}"
>
> oops, i think i spoke too soon :) didn't notice that second line,
> sorry.
>
> i do it (with headers_add, in the transport) as:
>
> headers_add = "${if def:authenticated_id{X-Authenticated-Sender:
> ${md5:${authenticated_id}${message_id}ASMTP_HEADER_SECRET}}}"
>
> (again, wrapped). works fine here... (well, worked, when this
> particular box had auth turned on :).

We look up the authenticated_id in our LDAP tree and add a couple of
headers of the form:

X-Authenticated-Sender: Buffy A Summers, Buffy Summers from slayer.mcc.ac.uk (slayer) [130.88.201.256]
X-Authenticated-From: buffy.summers@man.ac.uk

which gives all the info which ought to be in a legit email but nothing
else.

Mike
--
-----Plain text only please - attachments stripped on arrival.------
Copyright 2002 Mike Richardson, Room G98, Manchester Computing
University of Manchester, M13 9PL doctor@mcc.ac.uk Int: 56009
Left through main doors. Right then left at end of corridor.
First door on left. URL http://kira.mcc.ac.uk/ Ext: 0161 275 6009
--------------------------------------------------------------------
"If I want your opinion, I'll beat it out of you!" - Chuck Norris
"If anything happens to my daughter I have a 45 and shovel" Clueless

Tamas TEVESZ wrote:
> i do it (with headers_add, in the transport) as:
>
> headers_add = "${if def:authenticated_id{
> ${md5:${}${message_id}ASMTP_HEADER_SECRET}}}"

I put this into my config file (exim 3.34) and the message is out of
X-Authenticated-Sender header.. -> authenticated_id undefined?? Why?

Thanks and best regards
Sebastian

On Fri, 7 Jun 2002, Sebastian Sawicki wrote:

> I put this into my config file (exim 3.34) and the message is out of
> X-Authenticated-Sender header.. -> authenticated_id undefined?? Why?

no stinkin' idea ;0
are you sure you're sending the message with authentication ?


--
[-]

> > i do it (with headers_add, in the transport) as:
> >
> > headers_add = "${if def:authenticated_id{X-Authenticated-Sender:
> > ${md5:${authenticated_id}${message_id}ASMTP_HEADER_SECRET}}}"

In case you don't add these headers on the final delivery, I recommend
to put the information in received headers, not in additional headers,
because both authentic sender and in particular the authentic ID may
change hop by hop.

Michael