[
https://issues.apache.org/jira/browse/JAMES-4171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057576#comment-18057576
]
Jean Helou edited comment on JAMES-4171 at 2/10/26 1:01 PM:
------------------------------------------------------------
Interesting, it means that the default configuration results in DSN sent by
James for unauthenticated users. I was unaware of this particular behavior,
never thought to actually check it.
It means I could impersonate anyone and flood their inbox with DSNs by
pretending to be someone I'm not while trying to relay through a James instance.
Instead of changing the <auth> section, shouldn't we create a handler, applied
by default, which applies a sane behavior by default and can be configured to be
even stricter?
By sane behavior by default I mean reject non-authenticated users trying to
relay to non-local recipients at the SMTP layer.
The handler would have a flag to completely disallow unauthenticated traffic.
People who want to do custom risky stuff would explicitly disable this handler
and use mailetcontainer to do their stuff.
If we really go forward with adding an option to <auth/>, it should not be a
boolean but more something along the lines of:
{code:java}
<auth>
<behavior>SANE_RELAY | AUTHENTICATED_ONLY | OPEN_RELAY_PLEASE_DONT</behavior>
</auth>
{code}
> Submission only server
> ----------------------
>
> Key: JAMES-4171
> URL: https://issues.apache.org/jira/browse/JAMES-4171
> Project: James Server
> Issue Type: Improvement
> Components: SMTPServer
> Reporter: Benoit Tellier
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> h3. Context
> I end up having to provide a submission-only server for one of my customers.
> Problem: James bundles together the MX and submission roles and thus always accepts
> email of remote users addressed to local users.
> This unorthodox behaviour is not a problem when combining both roles (though
> surprising!); however, not being able to say "only authenticated users here"
> prevents implementing the aforementioned use case.
> h3. Proposal
> Add auth.required configuration option in SMTP
> If true, then discard unauthenticated senders.
> This shall be the documented + recommended value however for
> retro-compatibility I propose to keep the legacy value as a default value.
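
The RCPT-time decision for the three behaviours named in the comment, as an added example (not Apache James code and not written by the commenter or the reporter). The class and method names, the reply texts and the `example.org` local domain are assumptions, as is the rule that authenticated users may relay to any recipient.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration; not Apache James code. All names here are hypothetical.
public class RelayPolicyDemo {

    // The three behaviours named in the comment's <behavior> proposal.
    enum Behavior { SANE_RELAY, AUTHENTICATED_ONLY, OPEN_RELAY_PLEASE_DONT }

    // Constructed set of domains this server is the final destination for.
    static final Set<String> LOCAL_DOMAINS = Set.of("example.org");

    static boolean isLocal(String recipient) {
        int at = recipient.lastIndexOf('@');
        return at >= 0
            && LOCAL_DOMAINS.contains(recipient.substring(at + 1).toLowerCase(Locale.ROOT));
    }

    // Decide the SMTP reply to RCPT TO. Rejecting here, during the session,
    // means no message is queued and no DSN is later sent to a forged sender.
    static String onRcpt(Behavior behavior, boolean authenticated, String recipient) {
        if (authenticated) {
            return "250 2.1.5 Recipient ok"; // assumption: authenticated users may relay
        }
        switch (behavior) {
            case AUTHENTICATED_ONLY:
                return "530 5.7.0 Authentication required";
            case SANE_RELAY:
                return isLocal(recipient)
                    ? "250 2.1.5 Recipient ok"      // MX role: mail for a local user
                    : "550 5.7.1 Relaying denied";  // refuse instead of bouncing later
            default: // OPEN_RELAY_PLEASE_DONT accepts everything
                return "250 2.1.5 Recipient ok";
        }
    }

    public static void main(String[] args) {
        // Constructed recipients: one local, one remote.
        String[] recipients = { "alice@example.org", "victim@remote.example" };
        for (Behavior b : Behavior.values()) {
            for (boolean auth : new boolean[] { false, true }) {
                for (String rcpt : recipients) {
                    System.out.printf("%-22s auth=%-5s %-22s -> %s%n",
                        b, auth, rcpt, onRcpt(b, auth, rcpt));
                }
            }
        }
    }
}
```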