On Monday 07 June 2004 10:17 am, Devendra Singh wrote:
>
> Sorry Jeremy,
>
> Perhaps I was unable to explain the problem properly.
>
> Suppose a Server is hosting the following domains:
>
> abc.com
> xyz.com
> test.com
> ....
> ....
ok.
> Now, the user [EMAIL PROTECTED] has been enabled for SMTP (not POP-Before SMTP
> but SMTP-AUTH using Erwin's Patch).
>
> If the user [EMAIL PROTECTED] tries to send an email as [EMAIL PROTECTED] in FROM
> headers, its denied.
no, it's not, unless you've got some funky stuff set up, in which case, you'll
have to provide more details.
> But, if he impersonates (for say spamming) in FROM
> headers as [EMAIL PROTECTED] or even [EMAIL PROTECTED] his outgoing mail would go
> through. Isn't this a case to worry?
well, if you see it happening, that's why <insert deity here> created userdel.
> The example that you have talked about is totally unrelated to the above
> explained situation.
no, it's entirely the same concept. Why let an unauthenticated user use any
combination of envelope sender/header information but restrict authenticated
users. Doesn't make much sense to me.
-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
