You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Ole Ersoy <ol...@yahoo.com> on 2006/03/06 05:04:01 UTC
JavaMail not required to authenticate
Hi,
I wrote a simple javamail program, and noticed that it
is allowed to send messages without authenticating.
I have <authRequired>true</authRequired> in the SMTP
config block and when using thunderbird to connect the
same user authentication is required.
Initially I thought this might be because of the
<authAddress> elements in the smtp config block, so I
commented all of them out and restarted the server.
Javamail can still send mail without authenticating.
Any ideas on how to require javamail to authenticate?
I'm running 2.20 BTW.
Thanks,
- Ole
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: JavaMail not required to authenticate
Posted by Ole Ersoy <ol...@yahoo.com>.
Stefano,
Thanks! You just explained why the authentication is
not required. I am sending message from a local
address to a local address.
Thanks! Now I can rest easy knowing that there are no
security holes.
Cheers,
- Ole
--- Stefano Bagnara <ap...@bago.org> wrote:
> I don't understand the problem, maybe you should
> provide more
> informations on your configuration and the test that
> fail.
>
> Keep in mind that also with "authRequired = true"
> james will accept
> messages destinated to local addresses with no
> authentication.
> This is a needed SMTP behaviour, if we remove this
> you will not be able
> to receive mail. If you want to require
> authentication for every message
> you should remove every domain from your servernames
> configuration and
> then use your own matcher to LocalDelivery instead
> of HostIsLocal.
>
> Please provide more information on what you are
> trying to achieve
> because it's unlikely that you need the above
> configuration for "real"
> use cases.
>
> Stefano
>
> Ole Ersoy wrote:
> > Hi,
> >
> > I wrote a simple javamail program, and noticed
> that it
> > is allowed to send messages without
> authenticating.
> >
> > I have <authRequired>true</authRequired> in the
> SMTP
> > config block and when using thunderbird to connect
> the
> > same user authentication is required.
> >
> > Initially I thought this might be because of the
> > <authAddress> elements in the smtp config block,
> so I
> > commented all of them out and restarted the
> server.
> > Javamail can still send mail without
> authenticating.
> >
> > Any ideas on how to require javamail to
> authenticate?
> >
> > I'm running 2.20 BTW.
> >
> > Thanks,
> > - Ole
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam
> protection around
> > http://mail.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> server-user-unsubscribe@james.apache.org
> > For additional commands, e-mail:
> server-user-help@james.apache.org
> >
> >
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> server-user-unsubscribe@james.apache.org
> For additional commands, e-mail:
> server-user-help@james.apache.org
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: JavaMail not required to authenticate
Posted by Stefano Bagnara <ap...@bago.org>.
I don't understand the problem, maybe you should provide more
informations on your configuration and the test that fail.
Keep in mind that also with "authRequired = true" james will accept
messages destinated to local addresses with no authentication.
This is a needed SMTP behaviour, if we remove this you will not be able
to receive mail. If you want to require authentication for every message
you should remove every domain from your servernames configuration and
then use your own matcher to LocalDelivery instead of HostIsLocal.
Please provide more information on what you are trying to achieve
because it's unlikely that you need the above configuration for "real"
use cases.
Stefano
Ole Ersoy wrote:
> Hi,
>
> I wrote a simple javamail program, and noticed that it
> is allowed to send messages without authenticating.
>
> I have <authRequired>true</authRequired> in the SMTP
> config block and when using thunderbird to connect the
> same user authentication is required.
>
> Initially I thought this might be because of the
> <authAddress> elements in the smtp config block, so I
> commented all of them out and restarted the server.
> Javamail can still send mail without authenticating.
>
> Any ideas on how to require javamail to authenticate?
>
> I'm running 2.20 BTW.
>
> Thanks,
> - Ole
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org