On Fri, 2 Aug 2002, Steffen Herold wrote:
> --
> My relaying permisssion are based on SMTP Auth or pop before smtp.
> I tested it in the command line, but still do not know how the message could
> pass. I atached the debug information to this mail.
Actually, my mistake. This has nothing to do with relaying. You did not
relay this message. Relaying is defined as accepting a message from an
arbitrary orgin that is addressed to a non-local address. If
'receverdomain.de' is YOUR domain, then that is considered a local
address, and the sender address is irrelevant (actually the sender
address is never a consideration as long as its valid).
>
> Thanxx Steffen
>
> "Dave C." <djc@???> wrote:
>
> > On Thu, 1 Aug 2002, Steffen Herold wrote:
> >
> > > Hello,
> > >
> > > I'm using exim V3.35 and smtp auth. Smtp auth works fine but if there is a
> > > smtp mail incoming with
> > >
> > > mail from: receiver@???
> > > rcpt to: receiver@???
> > >
> > > the mail will be accepted without any authentication. How to protect from
> > > this?
> >
> > Sounds like you are relaying based on the sender email address. This is
> > insecure, as you can see.
> >
> > Relay permissions should be granted by sender IP address and/or SMTP
> > AUTH (or a POP/IMAP-before-SMTP approach) only.
> >
> >
> >
> > >
> > > Thanx Steffen Herold
> > > --
> > >
> > >
> > >
> > > --
> > >
> > > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> > details at http://www.exim.org/ ##
> > >
> > >
> >
> >
> >
> >
> >
>
> --
> +-------------------------------------+
> | This email was sent using RP-Webmail|
> | http://www.rasterpunkt.com/ |
> +-------------------------------------+
> --
> [ Content of type application/octet-stream deleted ]
> --
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>