Ken Lin wrote:
Stefano:
I went ahead and tested a few other ISP and corporation's email. It seems
when SMTP authentication is not established, many directly reject any mail
with sender containing the designated domain name. Here are the servers I
tested that rejected all spoof:
Mail ISP:
Gmail: gsmtp183.google.com
I just sent a mail from one of my gmail account to another of my gmail
account using their smtp server without authentication and I have been
succesfull.
You're probably missing something in the tests, or I don't understand
what are you testing.
[edentist][/var/log]$ telnet gsmtp163.google.com 25
Trying 64.233.163.27...
Connected to gsmtp163.google.com.
Escape character is '^]'.
220 mx.gmail.com ESMTP 38si1843438nzk
ehlo pippo.com
250-mx.gmail.com at your service
250-SIZE 20971520
250-8BITMIME
250 ENHANCEDSTATUSCODES
mail from: <[EMAIL PROTECTED]>
250 2.1.0 OK
rcpt to: <[EMAIL PROTECTED]>
250 2.1.5 OK
data
354 Go ahead
Subject: test
body
.
250 2.0.0 OK 1141947204 38si1843438nzk
quit
221 2.0.0 mx.gmail.com closing connection 38si1843438nzk
Connection closed by foreign host.
And I succesfully received the message.
I don't test all the other servers because there is obviously a
misunderstanding in this conversation.
Just to make sure that the code change won't violate the RFC, can you let me
know the RFC number and section number that mandates any email from @xyz.com
can be sent to [EMAIL PROTECTED] without SMTP authentication? I looked at the
following two RFCs from the IETF site and couldn't find this mandate:
SMTP RFC (821): http://www.ietf.org/rfc/rfc0821.txt
SMTP authentication RFC (2554): http://www.ietf.org/rfc/rfc2554.txt
RFC 2821 - Simple Mail Transfer Protocol
4.5.1 Minimum Implementation
Any system that includes an SMTP server supporting mail relaying or
delivery MUST support the reserved mailbox "postmaster" as a case-
insensitive local name.This postmaster address is not strictly
necessary if the server always returns 554 on connection opening (as
described in section 3.1). The requirement to accept mail for
postmaster implies that RCPT commands which specify a mailbox for
postmaster at any of the domains for which the SMTP server provides
mail service, as well as the special case of "RCPT TO:<Postmaster>"
(with no domain specification), MUST be supported.
SMTP systems are expected to make every reasonable effort to accept
mail directed to Postmaster from any other system on the Internet.
In extreme cases --such as to contain a denial of service attack or
other breach of security-- an SMTP server may block mail directed to
Postmaster. However, such arrangements SHOULD be narrowly tailored
so as to avoid blocking messages which are not part of such attacks.
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
