You may disable acceptance of message from not authenticated users only if you make one of these changes:
- delete any entry from rcpthosts or - modify auth patch so that only auth relaying is allowed.
Tonino
At 16.24 19/04/2005, you wrote:
Hi Everybody,
I have a system consists of qmail 1.03 and vpopmail-5.4.9 and courier-imap-4.0.2 and SM and QS.
I think that there is a bug in the qmail-smtpd.
the bug that I can send mail as/from a local account to any other local account Although I use SMTP auth provided by : http://www.fehcom.de/qmail/smtpauth.html.
smtpd and SMTP Auth. must prevent anyone to Impersonate and send mail from an Local Account other than his Local Account to any other Local account.
Imagine that I host the two domains: companyXX.com and companyYY.com for example.
So , an any person who did not belong to companyXX.com can Impersonate as [EMAIL PROTECTED] and send a formal email - w/o authenticating of course - to [EMAIL PROTECTED] or [EMAIL PROTECTED]
I want to do that to prevent any other third party - or even any local account users- to Impersonate and send mail from an other Local Account to any other Local account.
By the way; My /var/qmail/supervise/qmail-smtpd/run as follow :
#!/bin/sh
# when QMAILQUEUE is set, all mail will be sent to the nominated script QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
QMAILDGID=`id -g vchkpw`
exec /usr/local/bin/softlimit -m 15000000 \ /usr/local/bin/tcpserver \
-v -x /etc/tcp.smtp.cdb \
-c 20 -R -u "$QMAILDUID" -g "$QMAILDGID" 0 smtp \ /usr/local/bin/rblsmtpd -b -C \
-r 'relays.ordb.org:Your message was rejected because the mail server you use is configured to allow OPEN RELAY - More detailed information regarding this problem is available from http://www.ordb.org/lookup/?host=%IP% <http://www.ordb.org/lookup/?host=%IP%> - Please forward this error through to your email server support staff for easy resolution.' \
-r 'list.dsbl.org:Your message was rejected because the message was sent from a server listed in DSBL - More information regarding this problem is available at http://dsbl.org/listing?%IP% <http://dsbl.org/listing?%IP%> - Please forward this error to your email server support staff for resolution.' \
-r 'sbl-xbl.spamhaus.org:Your message was rejected because the message was sent from a server listed in the Spamhaus RBL - More information regarding this problems is available at http://www.spamhaus.org/query/bl?ip=%IP% <http://www.spamhaus.org/query/bl?ip=%IP%> - Please forward this error to your email server support staff for resolution.' \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1
Can anyone help me to work around this problem ????
Best Regards.
Samir Noshy
