On Fri, 30 Oct 2009, Chen Shihai wrote: > Hi all, > > We're running XMail 1.25 on RHEL 5.3 and got a problem. Some spam host outside > can send us spam mail using our local account(even mailing list account) > without > authentication. Why? > > See mail header of one spam: > > Return-Path: <[email protected]> > Delivered-To: [email protected] > Received: from [117.205.131.13] ([117.205.131.13]:1863) > by coes.cn ([192.168.1.250]:25) > with [XMail 1.25 ESMTP Server] id <SCECE2> for <[email protected]> from > <[email protected]>; > Fri, 30 Oct 2009 18:58:53 +0800 > Message-ID: <[email protected]> > Date: Fri, 30 Oct 2009 03:00:11 -0800 > From: "Florene Ednilao" <[email protected]> > To: "ec" <[email protected]> > Subject: When did you go away? > X-mailer: Foxmail 5.0 [en] > Mime-Version: 1.0 > Content-Type: multipart/alternative; > boundary="=====003_Dragon864117520463_=====" > > Where [email protected] is a mailing list account.
Even though your mailing list has ClosedML set, there's no way any MTA can validate sender forging (unless you force everyone posting on your mailing list to be authenticated). - Davide _______________________________________________ xmail mailing list [email protected] http://xmailserver.org/mailman/listinfo/xmail
