On Thu, 24 Oct 2002, Matt Parlane wrote: > Hi list... > > I have been using XMail for a while now, and have been struggling with > relaying problems. > > I migrated from MDaemon, and they relay messages if they are either TO or > FROM a local domain. XMail is different - it only relays a message if it is > TO a local domain, but not if it's FROM a local domain. > > The attached patch changes the way XMail checks to see if a message can be > relayed by checking if either the FROM domain or the TO domain is local. It > is to be applied against SMTPSvr.cpp > > I think this makes life much easier for the administrator, as clients don't > have to have SMTP authentication turned on, and the administrator doesn't > have to keep track of client IP addresses. I have checked this patch with 3 > different open relay testing engines, and none of them reported any > problems. > > Davide - what do you think of this patch? Can you see any security > problems? I realize that it could be implemented a lot better, but do you > think it could be included in your release?
Controlling relaying based on the "From:" ( or MAIL_FROM SMTP transaction ) is the same as if banks will trust you simply because you're saying to be XYZ when going to withdraw money from an account. Spammers fake the from address pretty commonly ... - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
