I was seeing the problem from the admin side: I can trust my components but not my clients and therefore the check should be enforced only for clients.
It will be inforced for clients, clients cannot spoof addresses at all, on all implementations they should be simply replacing the from if it has been set with the proper address.
Components as far as I understand it should be able to spoof messages as much as you like, but if you try to send those outside your server and want them to be delivered you must ensure that the domain in the from address is the domain of the server you are trying to send it from, otherwise remote servers will reject your attempts to deliver messages they see as spoofed to them.
Why? I don'get this. If I write my s2s component sending messages from [EMAIL PROTECTED], who can block me? AFAIK, from the outside nobody can detect that those are fake users.
I see, so you are not really spoofing addresses in regard to spoofing the domain name (which you will never be able to do).
Getting back to the original problem. Thus if a want to be able to have a webservice enabling users to send message with rpc-like calls, the only solution with the present server is to keep a connection open for any possible user of this server. Am I right?
You will be able to spoof messages to your local users, but any messages you try to send remotely will only work if you are trying to send them from a domain name your server is responsible for, and dialback is working for.
Richard
_______________________________________________ jdev mailing list [email protected] http://mail.jabber.org/mailman/listinfo/jdev
