> > The source of a mail is trusted if the mail is > > 1. received through smtp from a local host - based on its > ip address > > 2. received through smtp from an smtp authenticated host 3. > generated > > within james > Concerning 1: There's the possibility of ip spoofing, so this > isn't a bullet proof indicator of the trustworthiness of a > mail. I don't know if this is an issue, though. If it is, I'd > like to see this criteria for relaying being configurable. > Maybe something like: > > <authRequired>all|non-local|none</authRequired>
I fully agree with that. Some Webmailers such as JWebMail can't use SMTP Auth for sending, so it would be great to accept all Mails from localhost.
