"Darek M" <[EMAIL PROTECTED]> writes: > First, I realized that when I send someone an email, they reply to > user-<random-string>@whatever.com .
Actually, it's user-confirm-<non-random-string>@whatever.com. More to the point, the <non-random-string> contains a cryptographic hash that relates the string to a particular message stored in the pending queue. > I then realized that if I know the random string, I can bypass tmda > altogether from any account not in the whitelist. Because the hash relates the -confirm- address to a particular message, only that message can be released to your Inbox. If the message has already been released, the sender will be alerted. The string cannot be used to "bypass" TMDA. You *can* reply from any account using that string, but the string still refers to the original message and only to that message. > So right now, it appears to me that if I send an email from my > tmda-protected address to someone not in my whitelist, they can reply to > me only on the address with the random bit in it. If they replied to > [EMAIL PROTECTED], they'd still be asked to verify. That is correct. > Is this the correct behaviour of tmda-ofmipd? Or is it designed to also > edit a user's white list and add the email address I send a message to to > the whitelist? My whitelist is not being edited at this point. You can configure TMDA to add the recipient(s) to your whitelist, if you wish. It is not automatic. This is done in your outgoing filter. For example, you could place this rule at the end of your outgoing filter to catch any otherwise unmatched recipients and append them to the BARE_APPEND file: to * tag envelope dated=10d from bare=append If you do not have access to your outgoing filter, you can either add an X-TMDA: header field to your message or you can set the X_TMDA_IN_SUBJECT configuration variable: http://www.tmda.net/config-vars.html#X_TMDA_IN_SUBJECT In any case, you will need to send mail with a "bare" From: address, using the 'bare=append' rule, as in the filter rule above. TMDA will append the recipient(s) address(es) to the file you reference in the BARE_APPEND configuration variable. http://www.tmda.net/config-vars.html#BARE_APPEND This can be set to your whitelist or to another file. If it is another file, be sure to include a rule in your incoming filter that checks that other file. > Second, have you guys experienced any issues with sending mail with > Outlook (Express 6 in particular)? On some computers the error message > says that HELO is not implemented. But I can send mail through tmda-ofmipd > on port 8025 on another copy of Outlook which sends "EHLO". Maybe it is a > patch issue? I'm not sure about this, but the SMTP-AUTH protocol may require EHLO. A brief glance at the code suggests that tmda-ofmipd does not, in fact, support a plain HELO. Tim _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
