Hi Devendra,

At 18:38 07.06.04 +0530, you wrote:
>I am using Erwin Hoffmann's qmail-smtpd-auth-0.4.2.

Thanks for using it.

>I have noticed that once authenticated a user can use [EMAIL PROTECTED] 
>(where server.com is a domain listed in rcpthosts) in the FROM header. Is 
>there any remedy.

Yes, thats possible.

You can prevent it partially with my SPAMCONTROL patch for Qmail.
It includes SMTP Autentication (with some nice logging).

In addition you may want to set the environment variable "LOCALMFCHEK".
For a relayclient (in particular in case of an SMTP authenticated session),
you may inforce that the domain part of the "Mail From:" in the SMTP
envelope corresponds with your list of rcpthosts or some arbitary name
provided thru the variable LOCALMFCHECK.

See: http://www.fehcom.de/qmail/spamcontrol/README_spamcontrol.html section

A more general discussion about SMTP Authentication can be found at:



Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24

Reply via email to