Hi Serge and Danny First, thanx for your patience with me. Yes I'm wrong with my assumption that you can hack (send email through) the JAMES default javax.mail.Session.
Now I understand the problem. The SMTP specification specifies no authentication (user, password) mechanism. Therefore my application can send emails, without a valid authentication, over a SMTP server. A security hole? Therefore? A SMTP server can be configured to allow\ignore SMTP "request" from machines. The default configuration of JAMES is to allow only SMTP "request" from the local machine. To make SMTP secure (for "remote request" and "local request") the SMTP AUTH specification was written. Now I'm on the right way? Thanx a lot? Bye Michi
