From: "Glen Scott" <[EMAIL PROTECTED]> > Yes, sendmail checks whether the domain in the from field is an > actual domain name, and will reject anything that isn't with a > "sender domain must exist" error. At least, this is how sendmail is > set up on our RaQ2 and RaQ3. Yes but as far as I know, there's know way to check the username, right? So for example someone authorized to relay through my raq could send things on behalf of [EMAIL PROTECTED], even though he's not at all affiliated with my company. We've had this exact thing happen, although by accident (someone configured [EMAIL PROTECTED] instead of [EMAIL PROTECTED] as the from address). AFAIK, there is no way to stop this from occuring. Or is there? Kevin _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
