On 20 April 2025 15:35:35 UTC, Sander ter Steege via Exim-users
<exim-users@lists.exim.org> wrote:
>Hi Slavko,
>
>Thanks for taking the time to look into this.

You are welcome


>> How you have currently set:
>> 
>>    control = submission
>> 
>> With or without options?
>
>This is without options, when I add the 'domain=' option to submission, it 
>works, but I’m trying to figure out why it’s needed.

You wrote that you want to understand why that happens.
As (IMO) Exim's docs are hard to follow about this, I will try
to explain it more verbosely (and simplified for your case)...

One has four possible options for enabling submission
mode via the "control =" ACL statement:

+ "submission" (without options) -- it adds a Sender: header
  (and thus changes the envelope sender) in the form
  "$authenticated_id@$qualify_domain"

  + requires $authenticated_id without domain part
  + requires valid domain in primary_hostname (or qualify_domain)
  + all mails will have the same domain
  + all mails will contain login name

+ "submission/domain=example.com" -- it adds a Sender: header
  (and thus changes the envelope sender) in the form
  "$authenticated...@example.com"

  + requires $authenticated_id without domain part
  + all mails will have the same domain
  + all mails will contain login name

+ "submission/domain=" -- it adds a Sender: header (and thus
  changes the envelope sender) in the form $authenticated_id

  + requires $authenticated_id with (valid) domain part
  + all mails will contain login name

+ "submission/sender_retain" -- doesn't add a Sender: header
  at all (and thus doesn't change the envelope sender)

  + any user can use what he/she wants (do checks in ACL)

Of course, the Sender: header is added only when the From: address
differs, but in the first two cases it will be in almost all cases
when $authenticated_id contains a domain part.

In other words, you want to use "submission/sender_retain",
because your login names ($authenticated_id) are with
domains. That is good for users' privacy (e.g. when aliases
are used) and freedom, but you have to carefully check what
they are using (at least) in the envelope from and the From: header,
to prevent address spoofing.

Eventually, you want the "submission/domain=", which
will use $authenticated_id as it is. That is OK too, but
$authenticated_id will appear in every one of his emails. It is not
a (big) security problem, but it will allow e.g. tracking of the user's
aliases.

regards


-- 
Slavko
https://www.slavino.sk/
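
The ACL checks that the message above says are needed with "submission/sender_retain", as an added example that is not part of the original post or of anyone's real configuration. It assumes logins ($authenticated_id) are full addresses such as user@example.org, uses the ACL names from Exim's stock configuration, and applies the strictest policy (sender and From: must equal the login); a site that allows aliases would replace the equality tests with its own lookup.

```exim
# Added example (constructed), not taken from the thread.
# Assumption: $authenticated_id is a full address, e.g. user@example.org.

# --- main configuration section ---
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # Authenticated client whose envelope sender is not its own login:
  # reject. Without this, sender_retain lets any account send as anyone.
  deny    authenticated = *
          condition     = ${if !eqi{$sender_address}{$authenticated_id}}
          message       = envelope sender must match the authenticated login

  # Envelope sender checked above: accept in submission mode, keeping
  # any existing Sender: header and adding none.
  accept  authenticated = *
          control       = submission/sender_retain

  # ... the site's remaining RCPT rules for unauthenticated hosts go here ...

acl_check_data:
  # With sender_retain Exim adds no Sender: header, so a From: header that
  # differs from the login would go out unmarked. Compare it here.
  # ${address:...} extracts the bare address from "Name <addr>" and yields
  # an empty string when From: does not parse, which also fails the test.
  deny    authenticated = *
          condition     = ${if !eqi{${address:$h_from:}}{$authenticated_id}}
          message       = From: header must match the authenticated login

  # ... the site's remaining DATA rules go here ...
  accept
```

The envelope check runs in the RCPT ACL because the submission control is only permitted before the message data is received; the From: check has to wait for the DATA ACL, where headers are available.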
