On Monday 07 June 2004 08:08 am, Devendra Singh wrote: > Hi, > > I am using Erwin Hoffmann's qmail-smtpd-auth-0.4.2. > > I have noticed that once authenticated a user can use [EMAIL PROTECTED] > (where server.com is a domain listed in rcpthosts) in the FROM header.
even an unauthenticated user can do this. How do you think this mailing list post will have my From: header, but an envelope sender of vchkpw-return-<somenumber>[EMAIL PROTECTED]
> Is > there any remedy.
What Problem Are You Trying To Solve?
-Jeremy
Sorry Jeremy,
Perhaps I was unable to explain the problem properly.
Suppose a Server is hosting the following domains:
abc.com xyz.com test.com .... ....
Now, the user [EMAIL PROTECTED] has been enabled for SMTP (not POP-Before SMTP but SMTP-AUTH using Erwin's Patch).
If the user [EMAIL PROTECTED] tries to send an email as [EMAIL PROTECTED] in FROM headers, its denied. But, if he impersonates (for say spamming) in FROM headers as [EMAIL PROTECTED] or even [EMAIL PROTECTED] his outgoing mail would go through. Isn't this a case to worry?
The example that you have talked about is totally unrelated to the above explained situation.
Devendra Singh
______________________________________________________
Devendra Singh
IndiaMART InterMESH Limited
(Global Gateway to Indian Market Place)
B-1, Sector 8, Noida, UP - 201301, India
EPABX : +91-120-2424945, +91-120-3094634, +91-9810646342
Fax: +91-120-2424943
http://www.indiamart.com
http://www.indiangiftsportal.com
http://www.indiantravelportal.com
______________________________________________________
