On Monday 07 June 2004 10:17 am, Devendra Singh wrote:
> Sorry Jeremy,
> Perhaps I was unable to explain the problem properly.
> Suppose a Server is hosting the following domains:
> abc.com
> xyz.com
> test.com
> ....
> ....


> Now, the user [EMAIL PROTECTED] has been enabled for SMTP (not POP-Before SMTP
> but SMTP-AUTH using Erwin's Patch).
> If the user [EMAIL PROTECTED] tries to send an email as [EMAIL PROTECTED] in FROM
> headers, its denied.

no, it's not, unless you've got some funky stuff set up, in which case, you'll 
have to provide more details.

> But, if he impersonates (for say spamming) in FROM 
> headers as [EMAIL PROTECTED] or even [EMAIL PROTECTED] his outgoing mail would go
> through. Isn't this a case to worry?

well, if you see it happening, that's why <insert deity here> created userdel.

> The example that you have talked about is totally unrelated to the above
> explained situation.

no, it's entirely the same concept.  Why let an unauthenticated user use any 
combination of envelope sender/header information but restrict authenticated 
users.  Doesn't make much sense to me.


Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
        kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail

Reply via email to