Stefano:
Here is the actual scenario I try to prevent: Let's say I use james email
server at corporation xyz.com. A hacker/email worm program telnet to SMTP port
(inside or outside the corporate firewall), uses one of the employees' email
address as "from" address (say [EMAIL PROTECTED]), and sends another employee
an email. You can see how this is clearly dangerous because a hacker/email
worm can impersonate anybody in corporation.
As my server is configured now, it will allow this attack because (a)
IP-based authentication is unreliable at all because attacker or worm could be
inside or outside corporate firewall
(b) SMTP authentication is not required because RCPT TO address contains
"@xyz.com"
I would like to disable all relaying if both conditions are true:
* The "from" address contains @xyz.com
* The sender is not authenticated.
How can I achieve this goal?
Ken
Stefano Bagnara <[EMAIL PROTECTED]> wrote: SMTP Authentication is defined in
the SMTP rfc and is not related with
the from address.
If you are authenticated james does not perform relay checks. If you are
not authenticated then messages destinated (SMTP RCPT TO: command
argument) to domains included in "" will be accepted while
messages destinated to domains not included will be rejeacted.
SMTP authentication is not related to spam received.
Stefano
Ken Lin wrote:
> Hi:
>
> I installed the james mail server behind a firewall, and exposed its SMTP
> port through firewall tunneling. Because of the firewall, I cannot do any IP
> based authentication because all incoming connection shows the internal
> address of the firewall (192.0.something)
>
> I turned on the SMTP authentication, and expected that it to authenticate
> each email the "from" address of which contains the server name that James
> is responsible for.
>
> I tried a mail server testing web site to test whether james server rejects
> spams properly. It seems that if the authentication of SMTP was turned on in
> every case where "from" address contains the server name EXCEPT in one case
> where both the "from" address and "to" address contain the server name.
>
> Can anyone help pointing out how I can turn on SMTP authentication for James
> in the case the "from" address and "to" address contains the server name
> that James is responsible for?
>
> Thanks in advance!
>
> Ken
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
Yahoo! Mail
Use Photomail to share photos without annoying attachments.
