> Vincenzo,
>
> An interesting problem, and one which has no obvious answer.
> The problem is that it is not possible to carry out an
> authentication conversation with the sender when the mail is
> being processed, it is too late by then.
>
> Unfortunately applying SMTP AUTH to mail for local delivery, while
> fairly easy*, would have the effect of preventing external
> senders sending mail to your domain. Senders, including
> intermediate MTAs, would have to know how to authenticate.
>
> You might try embedding pgp, or another public/private key
> technology, so that your mailet can verify the signature on messages.
>
> I think that your task might be impossible, if you can't trust
> the sender address, or the SMTP sender from the Mail object, then
> anything else can be faked too.
>
>
> d.
>
> * Remove the domain from the servernames, so that James thinks
> your mail is for remote delivery, James will then make the sender
> authenticate, now replace the RecipientIsLocal matcher with
> HostIs in the local delivery mailet. James now will demand AUTH
> for local mail, but will deliver it locally and not try to send
> it any further.
> For completeness you would need to work out how to deal with mail
> to a non-existent user of the domain, solving this problem is
> left as an exercise for the reader.. (tip: use a new processor
> for local delivery) ;-)
>
Danny, thanks for the answer.

Perhaps a general solution (but probably needing a change in the James code and so outside of my reach) could be to have James require always an authentication from the sender and, in case of failure, block only messages going to non-local users like now to avoid open relay spamming, but allowing in any case matchers and mailets to check if there has been a successful authentication/verification.

Does it make sense?

Thanks,
Vincenzo
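The steps in the quoted footnote, written out as a configuration fragment. This is an added example, not part of either message and not the James project's own configuration; it assumes a James 2.x-style config.xml, and example.com is a placeholder for the domain being protected.

```xml
<!-- Added example. Assumed layout: James 2.x config.xml.
     example.com is a placeholder domain. -->

<!-- Step 1: leave the domain out of servernames so James treats mail
     for it as remote. Autodetection is switched off here (an assumption
     of this example) so the host name is not added back automatically. -->
<servernames autodetect="false" autodetectIP="false">
  <servername>localhost</servername>
  <!-- the entry for example.com has been removed -->
</servernames>

<!-- Step 2: SMTP AUTH stays required in the SMTP handler. Because the
     domain is no longer local, the footnote's point is that senders to
     it are now asked to authenticate. -->
<smtpserver enabled="true">
  <handler>
    <authRequired>true</authRequired>
  </handler>
</smtpserver>

<!-- Step 3: in the transport processor, select local delivery by
     recipient host rather than by "recipient is local".
     Before: <mailet match="RecipientIsLocal" class="LocalDelivery"/> -->
<processor name="transport">
  <mailet match="HostIs=example.com" class="LocalDelivery"/>
</processor>
```

This fragment does not handle mail to a non-existent user of the domain, which the footnote leaves open, and external senders or intermediate MTAs that cannot authenticate will be unable to deliver to the domain, as the quoted reply says.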
