Fix "verify-identity" to work properly
--------------------------------------
Key: JBMAIL-10
URL: http://jira.jboss.com/jira/browse/JBMAIL-10
Project: JBoss Mail
Type: Bug
Components: SMTP
Versions: 1.0-M2, 1.0-M3
Reporter: Andrew Oliver
Assigned to: Andrew Oliver
Fix For: 1.0-M3
When "verify-identity" property is set to true, SMTP seems to refuse all
external addresses. The proper functionality is for SMTP to check the MAIL
FROM parameter against the id passed in via "AUTH" and ensure that AUTH
identity has permission to send mail as MAIL FROM identity. Additionally the
"from" header should be checked (or possibly as a second option). Presently
you must run with verify-identity off which means that any authenticated user
can send mail as anyone that they like.
Possibly there should be a property called "use-mail-from-identity-in-header"
or something which replaces the "From" header with whatever was passed in MAIL
FROM.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
JBoss-Development mailing list
JBoss-Development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-development
