Eric, This is where I'm confused. If qmail accepts mail for relay based on authentication of a valid account/pw pair, how could I have send mail via telnet on port 25 by only supplying a valid account (without a password)?
-----Original Message----- From: Eric Shubert [mailto:e...@shubes.net] Sent: 16 February 2014 09:56 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spamming via valid vpopmail account On 02/16/2014 11:32 AM, Wicus Roets wrote: > That explains is quite nicely. > > One more question though ;) > > Quoting from "http://gmane.org/post.php"; - " People who do not have > valid email addresses in their From or Reply-To headers can't use > Gmane to post to mailing lists." That's (primarily) because gmane doesn't have accounts with passwords. It uses the From/Reply-To to verify that an address exists, when the first message from an account is sent to the list. This is akin to adding an account. > From my earlier mail, qmail accepts mail based only on the "rcpt to:" > of the header. As an interim, would inclusion of verification on the "mail from:" > be easier/quicker ? I'm not sure what you mean by this. qmail accepts mail (for relay) based on authentication (valid account/pw pair). I don't think that verifying the "mail from" is always practical, but I know that SamC is considering adding some such capability to spamdyke. I think we should wait and see what he comes up with for that. QMT doesn't presently use spamdyke on port 587, but it soon will. spamdyke v5.0 was just released, and once it's deemed stable (by me), QMT will use it to handle authentication (on port 587). -- -Eric 'shubes' --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
