Please keep replies on list.
On 4/17/2023 2:16 PM, Tyler Montney wrote:
I'll put it this way, since I'm struggling to word this:
Provider A contains the following customers:
Acme Corporation (acme.com <http://acme.com>)
Corley Motors (corley.com <http://corley.com>)
Provider B contains the following customers:
ConSec (consec.com <http://consec.com>)
Teldar Paper (teldar.com <http://teldar.com>)
f...@acme.com can send to b...@corley.com
without authentication.
You've explained what's observable, but not why it's a problem.
Any random server on the internet can send to b...@corley.com without
authentication. The original sender may or may not authenticate to
*their* mail server, corley.com cannot control that. So corley.com
accepts unauthenticated mail all day long.
How is this different?
f...@acme.com
must authenticate in order to send to
f...@consec.com . Similarly, f...@consec.com
must authenticate in order to send to
b...@teldar.com .
Some providers require all to authenticate, without exception. This
is generally considered good, but providers may use other methods to
prevent abuse of their system.
I still don't see a problem. If someone has found a way to abuse
this, then the abuse should be reported to the provider.
-- Noel Jones
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
