On Thu, Aug 01, 2002 at 02:26:01PM +0200, Steffen Herold wrote:
> > On Thu, Aug 01, 2002 at 09:35:01AM +0200, Steffen Herold wrote:
> > > mail from: receiver@???
> > > rcpt to: receiver@???
> > > the mail will be accepted without any authentication. How to protect from
> > > this?
> > If receiverdomain.de is a real local domain, then that's what you want it
> > to do, surely?
> My problem is that anyone can use the mail server to relay to local users if
> he use a local domain as sender address without authentication.
This is not what "relay" in mail system terms normally means.
> Of course the server have to accept mails to local domains when the sender is
> not local without authentication.
Right
> So is that normal?
Totally.
Think about what happens if you send a mail to another user's outside
address, and they have a .forward (or equivalent mechanism) to forward
back to the same domain.
If you really consider it to be a problem, be aware that it can break
legitimate things, and look up the ACL part of the exim specification.
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
