maybe i screwed things up --- sorry --- but hopefully we'll have a whole suite of unit 
tests to screen this sort of security behaviour if we don't already have them.

but i definitely noticed two aspects of behaviour that didn't make sense to me in code 
from before this last weekend, when i did a few things including modify this security 
behaviour a bit:

1. if i connect to the server from a remote machine, do a 'helo xoba.com', then 'mail 
from:<[EMAIL PROTECTED]>', then a 'rcpt to:<[EMAIL PROTECTED]>'.  it actually goes 
ahead and tries to send the mail to yahoo --- i think this is open-relay behaviour 
(since i connected from a remote host), even though one needs to forge a known domain 
using '[EMAIL PROTECTED]'. changing the mail-from to 'mail from:<[EMAIL PROTECTED]>' 
confirms that it denies relaying to unknown senders' domains. i added some checks in 
the code to prevent the relaying, by keeping track of the client's inetaddress.

2. the mail server disallows sending mail from locally connected clients (i.e., 
executing on same machine) except when its sender-address is from a known domain --- i 
changed this to be totally free (like sendmail), since the owner ostensibly owns the 
machine and why say 'no' to him --- although we may want to change this back to beef up 
security anyway. just let me know what your thoughts are on this.

again, hope i didn't screw things up trying to modify this behaviour!

best,
mike
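
The two relay decisions discussed in the post above, side by side, as an added example that is not part of the original message and not the JBoss mail server's code. The class and method names, the `local.example` domain, and the sample addresses are all constructed for illustration, and accepting mail addressed to a local domain in both variants is an assumption.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

public class RelayPolicy {
    // Constructed sample: the domains this server accepts mail for.
    private static final Set<String> LOCAL_DOMAINS = Set.of("local.example");

    static String domainOf(String address) {
        int at = address.lastIndexOf('@');
        return at < 0 ? "" : address.substring(at + 1).toLowerCase(Locale.ROOT);
    }

    // Decision keyed on MAIL FROM (point 1 of the post): the sender address
    // is supplied by the client, so any client naming a known domain relays.
    static boolean acceptBySenderDomain(String mailFrom, String rcptTo) {
        return LOCAL_DOMAINS.contains(domainOf(rcptTo))
            || LOCAL_DOMAINS.contains(domainOf(mailFrom));
    }

    // Decision keyed on the connection: local delivery is always accepted,
    // relaying to other domains only for clients on the loopback interface
    // (point 2 of the post). MAIL FROM is not consulted at all.
    static boolean acceptByClientAddress(InetAddress client, String rcptTo) {
        if (LOCAL_DOMAINS.contains(domainOf(rcptTo))) {
            return true;
        }
        return client.isLoopbackAddress();
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed inputs: a documentation-range remote client and loopback.
        InetAddress remote = InetAddress.getByAddress(new byte[] {(byte) 203, 0, 113, 7});
        InetAddress loopback = InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
        String claimedSender = "someone@local.example";
        String outside = "user@other.example";

        System.out.println("sender-domain check, remote client, outside rcpt: "
            + acceptBySenderDomain(claimedSender, outside));
        System.out.println("client-address check, remote client, outside rcpt: "
            + acceptByClientAddress(remote, outside));
        System.out.println("client-address check, loopback client, outside rcpt: "
            + acceptByClientAddress(loopback, outside));
        System.out.println("client-address check, remote client, local rcpt: "
            + acceptByClientAddress(remote, "user@local.example"));
    }
}
```

The loopback rule trusts every process on the host, so a compromised local account or web application can send through the server without restriction.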
