Re: [Exim] Unathenticated SMTP ??

Top Page
Delete this message
Reply to this message
Author: Giuliano Gavazzi
Date:  
To: Peter Richards, exim-users
Subject: Re: [Exim] Unathenticated SMTP ??
At 5:19 pm -0800 2004/01/04, Peter Richards wrote:
[some sentences that simply do not make sense because the terminology
is not clear... and even harder to decode as the quoting was a bit
broken]

Look, everything gets harder if the problem (if there is really one)
is not put down in the correct way. The only sentence I can
understand unequivocally, I think, is:

>
>I just logged in (Telnet) to 'domain1', used that
>domain as the "MAIL FROM", and I was able to send an
>email to two other domains. No authentication was used
>at all. What does that mean ?


interpreting "logged in (Telnet) to 'domain1'", as "I connected to
the SMTP port of the server at the address domain1" then I can see
your concern.
If the two other domains you mention are not RELAY or LOCAL domains
for that server and if you are NOT in an IP zone that is accepted by
the server, then it looks like that server might be wrongly use MAIL
FROM as a RELAY criterium. This would be a classic spammer trick. But
I doubt it...

If instead those two domain ARE either LOCAL or RELAY domains for
that server OR if you ARE in an IP zone accepted by the server, then
what you say is the expected behaviour.

> > My concern is that, if I can do it, so can ANYONE


I do not see the logical flow, rather the flaw. If your sentence was
correct that ANYONE could do anything you can do. And *I* would be
concerned if I were in you....


>This isn't mail "TO" me, it is mail THROUGH my domain.


explain. What is "me" and how can you send mail through a domain?
Did you mean, this is not mail to an email address in my domain, it
is mail via (o relayed by, or through if you like) a mail server that
should only accept mail for my domain?

Check again:

1) does that mail server only accept mail for my domain?

2) am I testing from an IP address that is in a special range that is
going to be accepted by that server? As I said in my prev email, this
is quite normal if the mail server is run by the same ISP that you
are using for your internet connection, and in other situations too.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/