The issue is not with authentication/relay.

Mails are relaying and users are able to authenticate. These email
users are Linux system users from /etc/passwd. Auth is done in the
same way.

Now, when it comes to email, the issue is that the username is just foo
and not [EMAIL PROTECTED]

In short, for the MTA, auth is just the Linux user account and it doesn't
verify if the username and email address are the same, meaning it
checks user/passwd for 'foo' and doesn't check if the email address
used is [EMAIL PROTECTED]

As such, the issue is:
User 'bar' can make following changes to his mail client:
Name: Foo    (instead of Bar)
email addr: [EMAIL PROTECTED]   (instead of [EMAIL PROTECTED])
username: bar  (default)
passwd: <bar's password>

In the last two, bar will put his own details, which makes the
authentication successful. And since it's from the same domain, relay
is also successful. In short, bar can send emails using foo's email
address.

I hope this explains things in a better way. Please ask me if there
are any doubts.

Regards,
Doors



--- In [email protected], "Viket Trivedi"
<[EMAIL PROTECTED]> wrote:
>
> Hi,
> 
> Seems like your sendmail is not configured to send/relay mails of
> authenticated users only.
> Check how to configure /etc/mail/access.
> This file allows you to control which users or hosts will be able to
> send / relay mails from your sendmail.
> 
> Hope this helps.
> Can you share your sendmail.mc file if that's not the case?
> 
> regards,
> viket
> 
> On Mon, Sep 1, 2008 at 7:41 PM, Vikrant Telkar <[EMAIL PROTECTED]> wrote:
> 
> > I don't think this is a server problem. It's the MTA, which is Outlook
> > in your case, that is having this bug. And it's a known bug.
> >
> > With regards
> > Vikrant Telkar
> >
> >
> >
> > --- On Mon, 9/1/08, DoOrsOfpErcEpTioN <[EMAIL PROTECTED]> wrote:
> >
> > From: DoOrsOfpErcEpTioN <[EMAIL PROTECTED]>
> > Subject: [LinuxVadaPav] Re: Sendmail Auth + envelope address
> > To: [email protected]
> > Date: Monday, September 1, 2008, 11:28 AM
> >
> >
> > Any idea on this one?
> > The issue is... anyone can use any email address and send mail using
> > a Linux system user. It can't be a bug. I think I am missing something.
> > I just don't get which one!
> >
> > --- In linuxvadapav@yahoogroups.com, "DoOrsOfpErcEpTioN"
> > <msgcoffer@..> wrote:
> > >
> > > Hi,
> > >
> > > I have a sendmail setup with Linux system users as the login
> > >
> > > --> user1@ here the username is 'user1'
> > > --> The mail server works for a single domain.
> > >
> > > Now, I am faced with an issue that anyone can edit the sender (from
> > > addr) as user2@ (in Outlook, for instance) and use the
> > > username/passwd of user1 and send an email.
> > >
> > > The mail actually uses the sender address as user2@ and on
> > > reply it will go to user2.
> > >
> > > The issue I am facing here is that of the envelope address. It doesn't
> > > verify if the address belongs to the user. How do I configure sendmail
> > > to check it? I have gone through the 'Local_check_mail' CF command as
> > > mentioned here--> http://sendmail.cuzuco.com/ , but I guess that is
> > > not useful. Is there any other method to get this right?
> > >
> > > regs,
> > >
> > > DoOrsOfpErcEpTiON
> > >
> >
>
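
The mismatch described in this thread (authenticated as one system user, envelope sender naming another) can be spotted after the fact in the mail log. The following is an added example, not part of the original thread or of sendmail: it assumes syslog lines shaped like sendmail's `AUTH=server ... authid=` and `from=<...>` entries, correlates them by daemon PID, and uses constructed sample lines with the placeholder domain example.com.

```python
import re

# Constructed sample lines modelled on sendmail syslog output; hosts, PIDs,
# queue IDs and example.com are placeholders, not values from the thread.
SAMPLE_LOG = """\
Sep  1 11:02:10 mx sendmail[4101]: m81B2AxX004101: AUTH=server, relay=pc1.example.com [192.0.2.10], authid=bar, mech=LOGIN, bits=0
Sep  1 11:02:11 mx sendmail[4101]: m81B2AxX004101: from=<foo@example.com>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=pc1.example.com [192.0.2.10]
Sep  1 11:05:40 mx sendmail[4177]: m81B5eQq004177: AUTH=server, relay=pc2.example.com [192.0.2.11], authid=foo, mech=PLAIN, bits=0
Sep  1 11:05:41 mx sendmail[4177]: m81B5eQq004177: from=<Foo@Example.com>, size=640, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=pc2.example.com [192.0.2.11]
Sep  1 11:09:02 mx sendmail[4203]: m81B92kk004203: from=<someone@elsewhere.example>, size=990, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.elsewhere.example [198.51.100.7]
"""

LINE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<rest>.*)")
AUTHID = re.compile(r"\bauthid=(?P<authid>[^,\s]+)")
FROM = re.compile(r"^from=<(?P<addr>[^>]*)>")


def find_sender_mismatches(log_text, local_domain="example.com"):
    """Return (queue_id, authid, envelope_sender) for authenticated sessions
    whose envelope sender is not authid@local_domain."""
    authed = {}    # daemon PID -> login name used for SMTP AUTH
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, rest = m["pid"], m["rest"]
        if rest.startswith("AUTH=server"):
            a = AUTHID.search(rest)
            if a:
                # Drop an optional SASL realm ("bar@realm" -> "bar").
                authed[pid] = a["authid"].split("@")[0].lower()
            continue
        f = FROM.match(rest)
        if not f or pid not in authed:
            continue  # unauthenticated inbound mail is out of scope here
        expected = f"{authed[pid]}@{local_domain}".lower()
        if f["addr"].lower() != expected:
            findings.append((m["qid"], authed[pid], f["addr"]))
    return findings


if __name__ == "__main__":
    for qid, authid, sender in find_sender_mismatches(SAMPLE_LOG):
        print(f"{qid}: authenticated as {authid!r} but envelope sender is {sender}")
```

This only reports the mismatch; rejecting such mail at SMTP time still needs a check inside the MTA, which is what the original question asks about.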

