At 07/06/04 20:05 (), you wrote:
On Monday 07 June 2004 08:08 am, Devendra Singh wrote:
> Hi,
> I am using Erwin Hoffmann's qmail-smtpd-auth-0.4.2.
> I have noticed that once authenticated a user can use [EMAIL PROTECTED]
> (where is a domain listed in rcpthosts) in the FROM header.

even an unauthenticated user can do this.  How do you think this mailing list
post will have my From: header, but an envelope sender of
vchkpw-return-<somenumber>[EMAIL PROTECTED]

> Is > there any remedy.

What Problem Are You Trying To Solve?


Sorry Jeremy,

Perhaps I was unable to explain the problem properly.

Suppose a Server is hosting the following domains:

Now, the user [EMAIL PROTECTED] has been enabled for SMTP (not POP-Before SMTP but SMTP-AUTH using Erwin's Patch).

If the user [EMAIL PROTECTED] tries to send an email as [EMAIL PROTECTED] in FROM headers, its denied. But, if he impersonates (for say spamming) in FROM headers as [EMAIL PROTECTED] or even [EMAIL PROTECTED] his outgoing mail would go through. Isn't this a case to worry?

The example that you have talked about is totally unrelated to the above explained situation.

Devendra Singh

Devendra Singh
IndiaMART InterMESH Limited
(Global Gateway to Indian Market Place)
B-1, Sector 8, Noida, UP - 201301, India
EPABX : +91-120-2424945, +91-120-3094634, +91-9810646342
Fax: +91-120-2424943

Reply via email to