[ https://issues.apache.org/jira/browse/JAMES-3525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17310323#comment-17310323 ]

Benoit Tellier commented on JAMES-3525:
---------------------------------------

Hello Babu,

On the motorbike today to go to work I figured out a mitigation strategy for 
this issue.

We can, in the mail post-processing, easily reject unauthenticated local senders.

{code:java}
        <processor state="transport" enableJmx="true">
            <!-- Drop unauthenticated local senders -->
            <matcher name="not-authenticated" match="org.apache.james.mailetcontainer.impl.matchers.Not">
                <matcher match="SMTPAuthSuccessful"/>
            </matcher>
            <matcher name="james-3525" match="org.apache.james.mailetcontainer.impl.matchers.And">
                <matcher match="not-authenticated"/>
                <matcher match="SenderHostIsLocal"/>
            </matcher>
            <mailet match="james-3525" class="Null"/> <!-- or whatever else suitable eg mail repository -->
            <!-- ... -->
        </processor>
{code}


> Authentication required for same domain different user
> ------------------------------------------------------
>
>                 Key: JAMES-3525
>                 URL: https://issues.apache.org/jira/browse/JAMES-3525
>             Project: James Server
>          Issue Type: Improvement
>          Components: SMTPServer
>    Affects Versions: 3.5.0
>            Reporter: Babu Raj K R
>            Priority: Major
>         Attachments: mailetcontainer.xml, smtpserver.xml
>
>
> I am using james-server-app-3.5.0-app.
> We have a local domain mapped in our local DNS server named syncme.com.
> This mail server is used in our WAN only (no public IP).
> We created 2 users: 1) [[email protected]|mailto:[email protected]] 2) 
> [[email protected]|mailto:[email protected]]
> We enabled auth in the mail server. SMTP and POP work fine.
> The problem is:
> I can send mail from [[email protected]|mailto:[email protected]] to 
> [[email protected]|mailto:[email protected]] without authentication.
> I need to block the above scenario, and I need authentication for all SMTP 
> transmission.
> What do I need to do to enable this?
>  



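As an added illustration (not part of the original comment or of the James code base), this Python sketch models how the composite matchers in the configuration above combine, so the effect of the rule can be checked for each kind of sender. The leaf matchers are reduced to two assumed boolean flags, and the trailing `LocalDelivery` mailet is a constructed catch-all that is not in the comment.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the processor from the comment; the final LocalDelivery
# mailet is an assumed catch-all added only to show where other mail ends up.
CONFIG = """
<processor state="transport" enableJmx="true">
  <matcher name="not-authenticated" match="org.apache.james.mailetcontainer.impl.matchers.Not">
    <matcher match="SMTPAuthSuccessful"/>
  </matcher>
  <matcher name="james-3525" match="org.apache.james.mailetcontainer.impl.matchers.And">
    <matcher match="not-authenticated"/>
    <matcher match="SenderHostIsLocal"/>
  </matcher>
  <mailet match="james-3525" class="Null"/>
  <mailet match="All" class="LocalDelivery"/>
</processor>
"""

# Simplified stand-ins for the leaf matchers: each reads one flag of a mail dict.
LEAVES = {
    "SMTPAuthSuccessful": lambda m: m["authenticated"],
    "SenderHostIsLocal": lambda m: m["sender_local"],
    "All": lambda m: True,
}

def matches(name, mail, composites):
    """Evaluate a leaf matcher or a named Not/And composite against a mail."""
    if name not in composites:
        return LEAVES[name](mail)
    node = composites[name]
    kind = node.get("match").rsplit(".", 1)[-1]
    children = [matches(c.get("match"), mail, composites) for c in node.findall("matcher")]
    if kind == "Not":
        return not any(children)
    if kind == "And":
        return all(children)
    raise ValueError(f"unsupported composite matcher: {kind}")

def first_mailet(mail, xml_text=CONFIG):
    """Return the class of the first mailet, in document order, whose matcher fires."""
    proc = ET.fromstring(xml_text)
    composites = {m.get("name"): m for m in proc.findall("matcher")}
    for mailet in proc.findall("mailet"):
        if matches(mailet.get("match"), mail, composites):
            return mailet.get("class")
    return None
```

Only the unauthenticated, local-sender combination reaches `Null`, which is why the drop rule has to sit ahead of any delivery mailet in the processor.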