At 09/06/04 14:03 (), you wrote:
Hi Devendra,

At 18:38 07.06.04 +0530, you wrote:
>I am using Erwin Hoffmann's qmail-smtpd-auth-0.4.2.

Thanks for using it.

>I have noticed that once authenticated a user can use [EMAIL PROTECTED] >(where is a domain listed in rcpthosts) in the FROM header. Is >there any remedy.

Yes, thats possible.

You can prevent it partially with my SPAMCONTROL patch for Qmail.
It includes SMTP Autentication (with some nice logging).

In addition you may want to set the environment variable "LOCALMFCHEK".
For a relayclient (in particular in case of an SMTP authenticated session),
you may inforce that the domain part of the "Mail From:" in the SMTP
envelope corresponds with your list of rcpthosts or some arbitary name
provided thru the variable LOCALMFCHECK.

See: section

A more general discussion about SMTP Authentication can be found at:

Thanks Erwin,

I am already using the following into the /etc/tcp.smtp


As you have rightly said LOCALMFCHECK does "prevent it partially with my SPAMCONTROL".

If you try to notice what Shouguan Lin had pointed with features

o Added my own patch, that checks whether the 'mail from' value is
different from the username used for SMTP AUTH, thus preventing
source address spoofing. Useful for ISP's that only relay mails
from authenticated users.
o The 'mail from' verification is now configurable through a knob
defined in /var/qmail/control/spoofcheck or in the environment
variable $SPOOFCHECK

Dr Erwin, You whole Spamcontrol Patch is so good that I have been using it in entirety since quite some time with remarkable results. I am sure that you may be able to add the functionality to stop own spamming clients.


Devendra Singh

Devendra Singh
IndiaMART InterMESH Limited
(Global Gateway to Indian Market Place)
B-1, Sector 8, Noida, UP - 201301, India
EPABX : +91-120-2424945, +91-120-3094634, +91-9810646342
Fax: +91-120-2424943

Reply via email to