Stefano:
Thanks! I tested the configuration and found that it works.
Maybe this method of "spoofing" users has been overlooked. Even if James has
SMTP turned on, I can impersonate any user of the server and send another user
an email without any authentication. In a way, it seems to be a se
See also the "Secure Mailing List using S/MIME" discussion from January.
There are some comments in there from Stefano that could apply.
--- Noel
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mai
Ken Lin wrote:
Stefano:
Here is the actual scenario I try to prevent: Let's say I use james email server at corporation xyz.com. A hacker/email worm program telnet to SMTP port (inside or outside the corporate firewall), uses one of the employees' email address as "from" address (say [EMA
Stefano:
Here is the actual scenario I try to prevent: Let's say I use james email
server at corporation xyz.com. A hacker/email worm program telnet to SMTP port
(inside or outside the corporate firewall), uses one of the employees' email
address as "from" address (say [EMAIL PROTECTED])
SMTP Authentication is defined in the SMTP rfc and is not related with
the from address.
If you are authenticated james does not perform relay checks. If you are
not authenticated then messages destinated (SMTP RCPT TO: command
argument) to domains included in "" will be accepted while
messag
Hi:
I installed the james mail server behind a firewall, and exposed its SMTP
port through firewall tunneling. Because of the firewall, I cannot do any IP
based authentication because all incoming connection shows the internal
address of the firewall (192.0.something)
I turned on t
