Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Jacques Lema
The auth mechanism works very well and I don't want to change anything 
to it. The only thing missing is the ability to advertise that AUTH is 
available _also_ to trusted hosts. The behaviour currently is that if 
the host is trusted (127.0.0.1 typically) James hides its ability to
receive auth connections (answer to EHLO doesn't contain "250 AUTH LOGIN 
PLAIN" anymore).

I don't see how allowing a trusted host to see AUTH capability is a security
threat (since all external untrusted hosts are allowed to see it obviously).

Danny Angus wrote:

What I would like is:

a) be able to send a mail from localhost without authentication
b) be able to send a mail from localhost (precisely from a
spam-filtering proxy such as ASSP) _with_ authentication.

As I understood it advertising AUTH supported is equivalent to requiring
auth, are you suggesting that we advertise AUTH required but still allow
unauthenticated relaying?
If so I'm not sure that I'd support such a change as it introduces a
security hole in the AUTH mechanism. Far better to require AUTH from
everyone and deal with it, after all not requiring AUTH from localhost is
surely a convenience only. Most, surely all, methods of sending from
localhost will be indistinguishable from remote processes, all we are doing
is assigning some higher level of trust because we trust our local machine
and our ability to identify it.
d.

***
The information in this e-mail is confidential and for use by the addressee(s) only. 
If you are not the intended recipient (or responsible for delivery of the message to 
the intended recipient) please notify us immediately on 0141 306 2050 and delete the 
message from your computer. You may not copy or forward it or use or disclose its 
contents to any other person. As Internet communications are capable of data 
corruption Student Loans Company Limited does not accept any  responsibility for 
changes made to this message after it was sent. For this reason it may be 
inappropriate to rely on advice or opinions contained in an e-mail without obtaining 
written confirmation of it. Neither Student Loans Company Limited or the sender 
accepts any liability or responsibility for viruses as it is your responsibility to 
scan attachments (if any). Opinions and views expressed in this e-mail are those of 
the sender and may not reflect the opinions and views of The Student Loans Company
Limited.
This footnote also confirms that this email message has been swept for the 
presence of computer viruses.
**
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Danny Angus



> What I would like is:

> a) be able to send a mail from localhost without authentication
> b) be able to send a mail from localhost (precisely from a
> spam-filtering proxy such as ASSP) _with_ authentication.

As I understood it advertising AUTH supported is equivalent to requiring
auth, are you suggesting that we advertise AUTH required but still allow
unauthenticated relaying?

If so I'm not sure that I'd support such a change as it introduces a
security hole in the AUTH mechanism. Far better to require AUTH from
everyone and deal with it, after all not requiring AUTH from localhost is
surely a convenience only. Most, surely all, methods of sending from
localhost will be indistinguishable from remote processes, all we are doing
is assigning some higher level of trust because we trust our local machine
and our ability to identify it.

d.






Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Jacques Lema
Let me explain :-)
I don't want to _require_ authentication. I want it to be a possibility.
What I would like is:
a) be able to send a mail from localhost without authentication
b) be able to send a mail from localhost (precisely from a 
spam-filtering proxy such as ASSP) _with_ authentication.

Note that authentication _already_ does work. The only thing I miss with 
Mozilla Thunderbird as client is that James' answer to EHLO doesn't 
state it does support AUTH if you come from an authorized address.
Which causes Thunderbird to not even try authentication. All that would 
be required would be an option like "AlwaysAnnounceAuthSupport".

As I told before, users must go through ASSP which passes the 
authentication onto James, since they are remote (no fixed ip). So we 
reach this problem where going through assp (on the same machine) makes 
the user look like it's coming from localhost but still needs to 
authenticate (otherwise assp would refuse the connection).

I am not certain I managed to be clear enough.

Danny Angus wrote:

At this point I have to choose between
authentication working through a local proxy or allowing localhost to
send mail.


You asked for authentication to be required for localhost, you can't ask
for it not to be required at the same time!
d.

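The two decisions discussed in this thread, what EHLO advertises and what RCPT enforces, modelled side by side as an added example (not James source code and not written by any poster). `always_announce_auth` stands in for the option Jacques proposes; the class, method names, hostname, domains and addresses are assumptions, and open delivery to local domains follows Danny's description.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SmtpPolicy:
    """Model only; names and defaults are assumptions, not James code."""
    authorized_networks: tuple = ("127.0.0.1/32",)  # trusted to relay without AUTH
    local_domains: frozenset = frozenset({"example.test"})  # constructed
    always_announce_auth: bool = False  # hypothetical option proposed in the thread

    def is_authorized(self, client_ip: str) -> bool:
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(n) for n in self.authorized_networks)

    def ehlo_reply(self, client_ip: str) -> list:
        # Behaviour described in the thread: AUTH is hidden from authorized IPs
        # unless the proposed option forces it to be shown.
        keywords = ["mail.example.test"]
        if self.always_announce_auth or not self.is_authorized(client_ip):
            keywords.append("AUTH LOGIN PLAIN")
        last = len(keywords) - 1
        return [f"250{' ' if i == last else '-'}{k}" for i, k in enumerate(keywords)]

    def rcpt_reply(self, client_ip: str, authenticated: bool, rcpt: str) -> str:
        # Enforcement never consults always_announce_auth.
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:  # assumption: local delivery is open
            return "250 OK"
        if authenticated or self.is_authorized(client_ip):
            return "250 OK"
        return "530 Authentication required"


def relay_matrix(policy: SmtpPolicy) -> dict:
    """RCPT outcome for every (client, authenticated, recipient) combination."""
    clients = ("127.0.0.1", "203.0.113.9")  # constructed addresses
    rcpts = ("user@example.test", "user@remote.example")
    return {(c, a, r): policy.rcpt_reply(c, a, r)
            for c in clients for a in (False, True) for r in rcpts}


if __name__ == "__main__":
    current, proposed = SmtpPolicy(), SmtpPolicy(always_announce_auth=True)
    print(current.ehlo_reply("127.0.0.1"))   # AUTH hidden, so the client never tries it
    print(proposed.ehlo_reply("127.0.0.1"))  # AUTH offered, still optional
    print(relay_matrix(current) == relay_matrix(proposed))  # enforcement unchanged
```

In this model the option changes only the capability list sent to authorized clients; who may relay is decided by the same IP and authentication checks either way.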


Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Danny Angus


> At this point I have to choose between
> authentication working through a local proxy or allowing localhost to
> send mail.

You asked for authentication to be required for localhost, you can't ask
for it not to be required at the same time!

d.






Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Jacques Lema
No it wouldn't. Imagine I would like to send mail from localhost without 
authentication? I just can't. At this point I have to choose between
authentication working through a local proxy or allowing localhost to 
send mail.

Vincenzo Gianferrari Pini wrote:
But wouldn't it be totally equivalent to commenting out such option?
Vincenzo
Jacques Lema wrote:
Yes, of course I actually fixed the problem for me by commenting this 
line since this exact server doesn't really need to allow localhost to 
send mail. However I think it would be a nice addition to have an 
option to force always showing the AUTH capability. I am not familiar 
with james source but I am pretty sure this is a quick one.


 

No, in 2.2.0 if the remote IP is in the authorized network specified 
with , the SMTP AUTH will not be enforced.

BTW, perhaps Jacques can solve his problem just commenting out his 
127.0.0.1 entry, unless 
there is any other need.

Vincenzo


Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Vincenzo Gianferrari Pini
But wouldn't it be totally equivalent to commenting out such option?
Vincenzo
Jacques Lema wrote:
Yes, of course I actually fixed the problem for me by commenting this 
line since this exact server doesn't really need to allow localhost to 
send mail. However I think it would be a nice addition to have an 
option to force always showing the AUTH capability. I am not familiar 
with james source but I am pretty sure this is a quick one.


 

No, in 2.2.0 if the remote IP is in the authorized network specified 
with , the SMTP AUTH will not be enforced.

BTW, perhaps Jacques can solve his problem just commenting out his 
127.0.0.1 entry, unless 
there is any other need.

Vincenzo


Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Jacques Lema
Yes, of course I actually fixed the problem for me by commenting this 
line since this exact server doesn't really need to allow localhost to 
send mail. However I think it would be a nice addition to have an option 
to force always showing the AUTH capability. I am not familiar with 
james source but I am pretty sure this is a quick one.


 

No, in 2.2.0 if the remote IP is in the authorized network specified 
with , the SMTP AUTH will not be enforced.

BTW, perhaps Jacques can solve his problem just commenting out his 
127.0.0.1 entry, unless there 
is any other need.

Vincenzo


Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Vincenzo Gianferrari Pini
Danny Angus wrote:
 

The result?
The connection issued by ASSP comes from 127.0.0.1 which is an
authorized address, for obvious reasons. As a consequence, James' answer
to isAuthorized() is Yes, which causes it not to display the 250 auth
login message and therefore causes thunderbird not to use auth.
   


I thought that SMTP AUTH requirement depended only upon the route of the
mail as calculated from recipient address,
To Local address == OK
To remote address == AUTH
No?
d.
 

No, in 2.2.0 if the remote IP is in the authorized network specified 
with , the SMTP AUTH will not be enforced.

BTW, perhaps Jacques can solve his problem just commenting out his 
127.0.0.1 entry, unless there 
is any other need.

Vincenzo


Re: Missing Option AuthRequiredForAllIPs

2004-07-28 Thread Danny Angus


> The result?
> The connection issued by ASSP comes from 127.0.0.1 which is an
> authorized address, for obvious reasons. As a consequence, James' answer
> to isAuthorized() is Yes, which causes it not to display the 250 auth
> login message and therefore causes thunderbird not to use auth.


I thought that SMTP AUTH requirement depended only upon the route of the
mail as calculated from recipient address,
To Local address == OK
To remote address == AUTH
No?

d.


