On Jun 7, 2004, at 9:28 PM, Devendra Singh wrote:
I would like to re-frame my Subject: "SMTP Authenticated user is able to impersonate anyone in rcpthosts".

You could re-frame it even more. Authenticated SMTP users can use any FROM address and submit mail for any host.

Some clients may have multiple from addresses going through a single authenticated session. Limiting them to the address they authenticated as may be too strict. Including it in the Received header is probably a more useful option.

Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Reply via email to