I had SMTP authentication setup a few months ago, and THAT did not stop the
relaying then. I guess I had it setup wrong.
Please refresh me on how to set it up.
Is it implemented in FusionNail 2?
best, paul
At 09:49 PM 10/15/02 -0400, you wrote:
>If that was not the real user relaying the mail then, yes, it's a
>spoof. That's why we implemented smtp authentication
>here.
>
>Regards,
>
>Howie
>
>----- Original Message -----
>From: <[EMAIL PROTECTED] (paul smith)>
>To: "inFusion Support List" <[EMAIL PROTECTED]>
>Sent: Tuesday, October 15, 2002 9:42 PM
>Subject: [iMS] Relay?
>
>
> > The original RCPT.CFM from FusionMail 1 contains the following:
> >
> > =========================
> > <!--- here we need to see if the sender of the mail is local to the iMS
> > server --->
> > <cfset username=#smtpfrom#>
> > <cfset AmpPos=find("@",username,"1")>
> > <cfif AmpPos gt 0>
> > <cfset username=left(username,evaluate(AmpPos-1))>
> > </cfif>
> > <cfquery name="getlocalsender" datasource="#iMS#">
> > SELECT DISTINCT pops.accountnum
> > FROM ((pops INNER JOIN aliases ON pops.accountnum=aliases.accountnum)
> > INNER JOIN domainaliases ON pops.domain=domainaliases.domainid)
> > INNER JOIN domains ON pops.domain=domains.domainid
> > WHERE aliases.alias='#username#'
> > AND domainaliases.domain='#fromdomain#'
> > AND domains.domaintype=1
> > </cfquery>
> >
> > <cfif getlocalsender.recordcount gt 0>
> > <inlog text="relay was sent from rcpt.cfm">
> > <cfoutput>
> > <inlog text="user name = #username#">
> > </cfoutput>
> > result=relay
> > <cfabort>
> > <cfelse>
> > ===================================
> >
> > where I reformatted it a bit some time ago and added 2 log entries.
> >
> > Today I notice my SMTP log contains many of the following:
> >
> > =================================
> > 10/15/2002 06:30:37 PM [032] 66.123.210.58 [66.123.210.58] Disconnected (1
> > total)
> > 10/15/2002 06:30:53 PM [021] 66.123.210.58 [66.123.210.58] Connected (1
> total)
> > 10/15/2002 06:30:53 PM [021] relay was sent from rcpt.cfm
> > 10/15/2002 06:30:53 PM [021] user name = HCH
> > 10/15/2002 06:31:14 PM [021] RELAY 66.123.210.58 [66.123.210.58]
> > <[EMAIL PROTECTED]> "daniel
> > relationshipsthatwork.com"@hypnotherapytraining.com 510576
> > 10/15/2002 06:31:14 PM [021] 66.123.210.58 [66.123.210.58] Disconnected (1
> > total)
> > 10/15/2002 06:31:20 PM [003] 66.123.210.58 [66.123.210.58] Connected (1
> total)
> > 10/15/2002 06:31:21 PM [003] MAIL 66.123.210.58 [66.123.210.58] <>
> > [EMAIL PROTECTED] 473
> > ==============================
> >
> > where [EMAIL PROTECTED] is an account on iMS
> >
> > Is this demonstrating that someone can spoof an iMS account address and
> > relay mail thru iMS?
> > (Note that the login name and alias for the account
> > [EMAIL PROTECTED] are the same, namely "HCH")
> >
> > best, paul
> >
==^=======================================================
This list server is Powered by iMS
"The Swiss Army Knife of Mail Servers"
--------------------------------------
To leave this list please complete the form at
http://www.coolfusion.com/iMSSupport.cfm
Need an iMS Developer license? Sign up for a free license here:
http://www.coolfusion.com/iMSDevelopers.cfm
List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
Note: You are subscribed as [email protected]
==^=======================================================
