> The source of a mail is trusted if the mail is > 1. received through smtp from a local host - based on its ip address > 2. received through smtp from an smtp authenticated host > 3. generated within james Concerning 1: There's the possibility of ip spoofing, so this isn't a bullet proof indicator of the trustworthiness of a mail. I don't know if this is an issue, though. If it is, I'd like to see this criteria for relaying being configurable. Maybe something like:
<authRequired>all|non-local|none</authRequired> Then you'd be sure that every mail within the spool is authenticated according to the administrator's view. Either it is allowed due to configuration/authentication (your 1. and 2.) or it was inserted into the spool directly by james (your 3.). Regards, Thomas -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
