On Wed, 1 May 2002, V=EB=E9r=EAsh Kh=E5n=F6rk=E3r wrote:
> > Agreed if the session is in non-authenticated state > then the user should not be allowed to send mail and > thats what is exactly happening. In such case any user > who knows this failure in authentication but still > maildelivery can give rise to spam, dont you think so? > > I mean if the authentication is not succeeded then > mail delivery should be denied. But thats not occuring > here. Anyone who knows this point can exploit it for > spamming. i'm sorry but there's no difference between auth failed and not authenticated. spammers do not need to fail auth if your server default state is open, they can simply omit authentication. - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
