[ https://issues.apache.org/jira/browse/JAMES-3579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17343772#comment-17343772 ]
René Cordier commented on JAMES-3579: ------------------------------------- https://github.com/apache/james-project/pull/425 > verifyIdentity param should be rejected if authRequired is set to false in > SMTP configuration > --------------------------------------------------------------------------------------------- > > Key: JAMES-3579 > URL: https://issues.apache.org/jira/browse/JAMES-3579 > Project: James Server > Issue Type: Bug > Components: SMTPServer > Reporter: René Cordier > Priority: Minor > Time Spent: 0.5h > Remaining Estimate: 0h > > According to the smtp conf documentation > https://james.apache.org/server/config-smtp-lmtp.html: > "handler.verifyIdentity > This is an optional tag with a boolean body. This option can only be used if > SMTP authentication is required. If the parameter is set to true then the > sender address for the submitted message will be verified against the > authenticated subject. Verify sender addresses, ensuring that the sender > address matches the user who has authenticated. It will verify that the > sender address matches the address of the user or one of its alias (from user > or domain aliases). This prevents a user of your mail server from acting as > someone else If unspecified, default value is true." > However, it has been observed that when authRequired is set to false in > smtpserver.xml, if verifyIdentity is set to true, the SMTP server is > expecting that the user is authenticated to be able to verify its identity. > To stick to the documentation of James, we should reject this case on James > startup. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org