You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by Jacques Lema <ja...@link-u.com> on 2004/07/28 12:06:10 UTC

Missing Option AuthRequiredForAllIPs

Hi,

  I stumbled across a problem with james (2.2.0), ASSP (antispam filter) 
and Thunderbird as mail client.

The problem is that Mozilla Thunderbird does NOT use authentification is 
the server does not advertise it supports it (250 - AUTH LOGIN PLAIN). 
If it doesn't state that is supports AUTH then auth doesn't happen and 
the connection fails.

The problem is that if, instead of connecting directly to james, the 
user connects through assp (required for whitelisting and such things) 
the connection comes from ASSP which is on the same machine. The result? 
The connection issued by ASSP comes from 127.0.0.1 which is an 
authorized address, for obvious reasons. As a consequences james answer 
to isAuthorized() is Yes, which causes it not to display the 250 auth 
login message and therefore causes thunderbird not to use auth.

Obviously a very useful feature would be an option for forcing the 
announcement of AUTH capabilities as answer to EHLO, whatever the source 
ip is. What do you think?

Thanks,
  Jacques






---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org