[
https://issues.apache.org/jira/browse/JAMES-4171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057637#comment-18057637
]
Benoit Tellier commented on JAMES-4171:
---------------------------------------
The auth section applies to a specific port.
In some customer environments we run different auth mechanisms on different ports.
> If we wanted to properly align with the RFC we would need to differentiate
> relay/mixed-use ports from submission ports (since they are RFC specified)
> and have different default behaviors as well as preventing incorrect
> configuration
This is indeed what I proposed in default configuration.
I chose default for backward compatibility but I would be glad to change
default to RFC compliance too!
Should I?
>> By sane behavior by default I mean reject non-authenticated users trying to
>> relay to non local recipients at the SMTP layer.
> From your earlier comment it is the case but it results in a james generated
> DSN.
No. Please re-read. It is a consequence of using mailets for SMTP transport
validation, which was suggested in your first comment. It is not applicable to
the discussion.
> At the moment the sane version of the mixed behavior you speak of is enforced
> by a properly configured mailetcontainer (either that or that configuration
> in the mailet container is useless).
No.
Currently mailetcontainer is a second safeguard against open relaying but the
primary line of defense is the SMTP layer, and is already implemented. This
behaviour predates my involvement on the project.
> so we probably need to address this in the SMTP layer too
As said several times this is already the case.
> Submission only server
> ----------------------
>
> Key: JAMES-4171
> URL: https://issues.apache.org/jira/browse/JAMES-4171
> Project: James Server
> Issue Type: Improvement
> Components: SMTPServer
> Reporter: Benoit Tellier
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> h3. Context
> I end up having to provide a submission only server for one of my customers.
> Problem: James bundles together the MX and submission role thus always accepts
> email of remote users addressed to local users.
> This unorthodox behaviour is not a problem when combining both roles (though
> surprising!) however not being able to say "only authenticated users here"
> prevents implementing the aforementioned use case
> h3. Proposal
> Add auth.required configuration option in SMTP
> If true, then discard unauthenticated senders.
> This shall be the documented + recommended value however for
> retro-compatibility I propose to keep the legacy value as a default value.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)