Try your test again without even trying to authenticate. Your system might not require authentication to send e-mail because either your ip is in smtprelay, you have smtp after pop enabled or you have left your system open some other way. When you have your system configured so that it won't take your test message without authentication then try your test again with authentication and post the results.
Bill >---------- >From: V=EB=E9r=EAsh" = "Kh=E5n=F6rk=E3r[SMTP:[EMAIL PROTECTED]] >Sent: Wednesday, May 01, 2002 1:17 AM >To: [EMAIL PROTECTED] >Subject: [xmail] Re: Might be A Bug [Part II] > > >Agreed if the session is in non-authenticated state >then the user should not be allowed to send mail and >thats what is exactly happening. In such case any user >who knows this failure in authentication but still >maildelivery can give rise to spam, dont you think so? > >I mean if the authentication is not succeeded then >mail delivery should be denied. But thats not occuring >here. Anyone who knows this point can exploit it for >spamming. > >-Veeresh > >--- Davide Libenzi <[EMAIL PROTECTED]> wrote: >>=20 >> On Tue, 30 Apr 2002, V=3DEB=3DE9r=3DEAsh Kh=3DE5n=3DF6rk=3DE3r >> wrote: >>=20 >> > >> > Another dump check it out: >> > >> > The underlined command shouldnt be allowed IMHO. >> Check >> > it out: >> > After the user has given EHLO, the user is >> supposed to >> > give AUTH, but in the below case if the user gives >> > _MAIL FROM_ its still accepted. Isnt it a security >> > lapse? >> > >> > Please do reply back. >>=20 >> no, if the auth fails the server state remain in >> non-authenticated. that's >> it. >>=20 >>=20 >>=20 >> - Davide >>=20 >>=20 >> - >> To unsubscribe from this list: send the line >> "unsubscribe xmail" in >> the body of a message to [EMAIL PROTECTED] >> For general help: send the line "help" in the body >> of a message to >> [EMAIL PROTECTED] >>=20 > > >__________________________________________________ >Do You Yahoo!? >Yahoo! Health - your guide to health and wellness >http://health.yahoo.com >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
