Agreed, if the session is in a non-authenticated state then the user should not be allowed to send mail, and that's what is exactly happening. In such a case any user who knows this failure in authentication but still mail delivery can give rise to spam, don't you think so?

I mean if the authentication is not succeeded then mail delivery should be denied. But that's not occurring here. Anyone who knows this point can exploit it for spamming.

-Veeresh

--- Davide Libenzi <[EMAIL PROTECTED]> wrote:

> On Tue, 30 Apr 2002, Vëérêsh Khånörkãr wrote:
>
> > Another dump check it out:
> >
> > The underlined command shouldn't be allowed IMHO. Check it out:
> > After the user has given EHLO, the user is supposed to give AUTH, but in the below case if the user gives _MAIL FROM_ it's still accepted. Isn't it a security lapse?
> >
> > Please do reply back.
>
> no, if the auth fails the server state remains in non-authenticated. that's it.
>
> - Davide
>
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
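
The sequence discussed in this thread (EHLO, a failed AUTH, then MAIL FROM) can be modelled as a small session state machine. This is an added illustration, not XMail code and not written by either poster. The domain, the credentials, the simplified AUTH argument and the policy of deciding relay at RCPT TO are all assumptions made for the example.

```python
import hmac

# Constructed values for illustration; none of them come from XMail.
LOCAL_DOMAINS = {"example.org"}
USERS = {"alice": "correct-horse"}

class Session:
    """Toy SMTP session: tracks only auth state and the envelope sender."""

    def __init__(self):
        self.authenticated = False
        self.mail_from = None

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return "250 AUTH"
        if verb == "AUTH":
            # Simplified "user:password" argument, not a real SASL exchange.
            user, _, password = arg.partition(":")
            ok = user in USERS and hmac.compare_digest(
                USERS[user].encode(), password.encode())
            self.authenticated = ok  # a failed AUTH leaves the session unauthenticated
            return "235 authenticated" if ok else "535 authentication failed"
        if verb == "MAIL":
            # Accepted in either state: the sender alone delivers nothing.
            self.mail_from = arg
            return "250 sender ok"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 MAIL first"
            domain = arg.rsplit("@", 1)[-1].rstrip(">").lower()
            # Assumed policy: local recipients always, relay only after AUTH.
            if domain in LOCAL_DOMAINS or self.authenticated:
                return "250 recipient ok"
            return "550 relay denied"
        return "500 unrecognized"

def replay(lines):
    """Run one constructed session and return the server replies in order."""
    session = Session()
    return [session.handle(line) for line in lines]

if __name__ == "__main__":
    for reply in replay(["EHLO client.test", "AUTH alice:wrong",
                         "MAIL FROM:<x@else.test>", "RCPT TO:<y@other.test>"]):
        print(reply)
```

In this model the check that matters for spam is the RCPT TO decision, so an operator auditing a real server would look at what an unauthenticated session is allowed to address, not only at whether MAIL FROM is accepted.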