René Cordier created JAMES-3579:
-----------------------------------

             Summary: verifyIdentity param should be rejected if authRequired is set to false in SMTP configuration
                 Key: JAMES-3579
                 URL: https://issues.apache.org/jira/browse/JAMES-3579
             Project: James Server
          Issue Type: Bug
          Components: SMTPServer
            Reporter: René Cordier


According to the smtp conf documentation 
https://james.apache.org/server/config-smtp-lmtp.html:

"handler.verifyIdentity
This is an optional tag with a boolean body. This option can only be used if 
SMTP authentication is required. If the parameter is set to true then the 
sender address for the submitted message will be verified against the 
authenticated subject. Verify sender addresses, ensuring that the sender 
address matches the user who has authenticated. It will verify that the sender 
address matches the address of the user or one of its alias (from user or 
domain aliases). This prevents a user of your mail server from acting as 
someone else. If unspecified, default value is true."

However, it has been observed that when authRequired is set to false in 
smtpserver.xml, if verifyIdentity is set to true, the SMTP server is expecting 
that the user is authenticated to be able to verify its identity.

To stick to the documentation of James, we should reject this case on James 
startup.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
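
An added example, not part of the issue and not James code: a pre-deployment check an operator could run over smtpserver.xml to catch the combination described above, including the case where verifyIdentity is left unset and takes the documented default of true. The XML layout, the `jmxName` label and the sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption for illustration.
SAMPLE = """
<smtpservers>
  <smtpserver enabled="true">
    <jmxName>relay</jmxName>
    <authRequired>false</authRequired>
    <verifyIdentity>true</verifyIdentity>
  </smtpserver>
  <smtpserver enabled="true">
    <jmxName>submission</jmxName>
    <authRequired>true</authRequired>
    <verifyIdentity>true</verifyIdentity>
  </smtpserver>
  <smtpserver enabled="true">
    <jmxName>implicit</jmxName>
    <authRequired>false</authRequired>
  </smtpserver>
</smtpservers>
"""

def setting(server, name):
    """Stripped text of the first <name> under this block, or None if unset."""
    node = server.find(f".//{name}")
    return node.text.strip() if node is not None and node.text else None

def find_conflicts(xml_text):
    """List (label, source) for blocks where authRequired is false while
    verifyIdentity is effectively true ("explicit" or "default")."""
    conflicts = []
    for i, server in enumerate(ET.fromstring(xml_text).iter("smtpserver")):
        label = setting(server, "jmxName") or f"smtpserver[{i}]"
        auth = setting(server, "authRequired")
        verify = setting(server, "verifyIdentity")
        # Only authRequired=false is flagged; an unset authRequired is skipped
        # because the page does not state its default.
        if auth is None or auth.lower() != "false":
            continue
        if verify is None:
            conflicts.append((label, "default"))   # documented default is true
        elif verify.lower() == "true":
            conflicts.append((label, "explicit"))
    return conflicts

if __name__ == "__main__":
    for label, source in find_conflicts(SAMPLE):
        print(f"{label}: authRequired=false with verifyIdentity=true ({source})")
```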
