I don't see that as a big issue. They can't Auth when 'Account Access Disabled' is checked in the user gui.
If the user has a POP box, uncheck 'Account Access Disabled' and use their unique password. If the user is for forwarding, then make sure that 'Account Access Disabled' is checked. They can't Auth, so they can't send. Thursday, September 8, 2005, 8:15:20 AM, Matt <[EMAIL PROTECTED]> wrote: M> M> One other thing to add to this. Ipswitch in their brilliance, M> decided to make a default password of "password" for any newly M> created account including root. One must take great care to change M> these otherwise they can become susceptible to AUTH hacking with a M> great deal of ease, and you then become essentially an open relay M> even though you are configured not to be. M> M> Matt M> M> M> M> Dan Horne wrote: M> M> Orin Wells <> wrote on Thursday, September 08, 2005 1:15 AM: M> M> M> Regarding telnet - apparently there is a problem with windows 2003 M> and iMail. If my source is correct one can telnet into a Windows M> 2003 system running iMail (pick a version) on port 25 and get by the M> authentication. Again, my source told me that neither Micosoft nor M> Ipswitch has come up with a way to stop this. It appears only to be M> a problem on Windows 2003, not Windows 2000. M> M> M> This is FUD and is patently false. Telnetting on port 25 is not true M> "telnet" which runs on port 23. When you connect on port 25 you are M> connecting to an SMTP session just like any other SMTP server. It is M> not possible to bypass Authentication in this manner. If your source is M> trying to do this from your network, and you have your network in the M> "relay mail for addresses" list, then no authentication is necessary. M> The proper way to test this would be to make the attempt from an outside M> network. If you have your relay settings set to anything other than "No M> mail relay" or "relay for addresses", then no authentication is M> necessary from any network and you ARE an open relay. Your source has M> his facts wrong. The OS (windows 2003/2000) has nothing to do with M> Imail's SMTP service and whether it requires auth. M> Dan Horne M> --- M> This E-mail came from the Declude.JunkMail mailing list. To M> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and M> type "unsubscribe Declude.JunkMail". The archives can be found M> at http://www.mail-archive.com. M> M> M> ---- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364 Fax: (972) 788-5049 ---- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
