Hi! I'm telnet from the same host james running,but 127.0.0.1/8 is removed from authenticated address and a failed testing has being done,sorry for my poor english.
"Eric Charles (JIRA)" <server-dev@james.apache.org>编写: [ https://issues.apache.org/jira/browse/JAMES-1504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13644673#comment-13644673 ] Eric Charles commented on JAMES-1504: ------------------------------------- Hi, I have retested: 220 domU-12-31-39-0F-80-2F JAMES SMTP Server Server (JAMES SMTP Server ) ready ehlo test 250-domU-12-31-39-0F-80-2F Hello test [82.28.174.1]) 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-PIPELINING 250-ENHANCEDSTATUSCODES 250 8BITMIME auth login 334 VXNlcm5hbWU6 e...@test.com 334 UGFzc3dvcmQ6 fakebase64== 535 Authentication Failed The authentication fails. Maybe you are telneting from the same host as James ? in which case the default config is (if I remember) well more persmissive, in the sense that no authentication is required. Thx, Eric > POP3 AUTHENTIFICATION > --------------------- > > Key: JAMES-1504 > URL: https://issues.apache.org/jira/browse/JAMES-1504 > Project: James Server > Issue Type: Bug > Components: SMTPServer > Affects Versions: 3.0.0-beta5 > Environment: Windows 7,JDK7 > Reporter: 杨勐 > Assignee: Eric Charles > Priority: Critical > Labels: security > Fix For: 3.0.0-beta5 > > Attachments: screenshot-1.jpg, screenshot-2.jpg, telnet.jpg > > > Telnet mysmtpserver 25 may login with part match base64 encoded password. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org