Andrew,
> I have disabled RemoteNotInNetwork so that users who are dialing in
> through unknown ISP's can provide a password to send email.
Yes ... but how do you know in the processor which e-mail originated via
SMTP AUTH? FWIW, at the moment, we solve the general problem with ssh
tunneling.
> My second point is that I want to disable SMTP AUTH if the email comes
> from an ip within a specified network.
Disable it, or not require it?
> If this can be implemented, the hole can be closed by checking that the
> MAIL FROM:<> mail originates within the network.
RemoteAddr(Not)InNetwork should cover that aspect.
> Is there a valid reason to accept null senders through the SMTPHandler?
No idea. Ask Serge. I haven't checked the SMTP RFC to see if a null sender
is legit.
--- Noel
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
