Re: [PR] JAMES-4171 Allow configure strong distinction between submission and … [james-project]

Fri, 13 Feb 2026 02:28:46 -0800 


jeantil commented on code in PR #2939:
URL: https://github.com/apache/james-project/pull/2939#discussion_r2803463442


##########
docs/modules/servers/partials/configure/smtp.adoc:
##########
@@ -165,6 +175,8 @@ Backward compatibility is provided and thus the following 
values are supported:
  - `true`: act as `strict`
  - `false`: act as `disabled`
 
+Please note that this parameter only intend to prevent spoofing, and still 
allow unauthenticated remote users (that do not use local identity) to send 
email to local users.

Review Comment:
   nitpick
   ```suggestion
   Please note that this parameter only intends to prevent spoofing, and still 
allows unauthenticated remote users (that do not use local identity) to send 
email to local users.
   ```



##########
server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/SenderAuthIdentifyVerificationHook.java:
##########
@@ -74,10 +74,14 @@ public SenderAuthIdentifyVerificationHook(DomainList 
domains, UsersRepository us
     @Override
     public HookResult doCheck(SMTPSession session, MaybeSender sender) {
         ExtendedSMTPSession nSession = (ExtendedSMTPSession) session;
-        if (nSession.verifyIdentity() == 
SMTPConfiguration.SenderVerificationMode.STRICT) {
+        if (!session.isRelayingAllowed() && 
!nSession.senderVerificationConfiguration().allowUnauthenticatedSender()) {

Review Comment:
   In [this 
comment](https://issues.apache.org/jira/browse/JAMES-4171?focusedCommentId=18057796&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-18057796)
 on the corresponding jira it was discussed adding a new defaultly loaded hook 
instead of changing the behaviour of an existing hook 
   
   did you change your mind ?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to