You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-user@james.apache.org by TeoTL <tl...@yahoo.com> on 2003/03/07 04:47:30 UTC

AUTHentication SCARE

Hi

I am trying to set up an authentication for the JAMES
in order to prevent a OPEN SPAMMER haven.

But soemhow i find that any password will manage to
pass thru my server.

I use postmaster@abc.com as a sender and I can send
outward mail to anyone with a user (postmaster)
/password (12345678) ...

I can still send a mail out to anyone as well even if
i use a password (abcdefg) ..

I can even do the same thru a remote station not
within the LAN.

it seems that the server does not care what your
password is, as long as you are postmaster@abc.com.

or *.abc.com  ...

This is very unsecured as any javamail can impersobate
me as the postmaster@abc.com and send any stuffs out
on my behalf.

Can someone enlighten me on this issue??














__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org

Re: AUTHentication SCARE

Posted by TeoTL <tl...@yahoo.com>.

--- TeoTL <tl...@yahoo.com> wrote:
> Hi
> 
> I am trying to set up an authentication for the
> JAMES
> in order to prevent a OPEN SPAMMER haven.
> 
> But soemhow i find that any password will manage to
> pass thru my server.
> 
> I use postmaster@abc.com as a sender and I can send
> outward mail to anyone with a user (postmaster)
> /password (12345678) ...
> 
> I can still send a mail out to anyone as well even
> if
> i use a password (abcdefg) ..
> 
> I can even do the same thru a remote station not
> within the LAN.
> 
> it seems that the server does not care what your
> password is, as long as you are postmaster@abc.com.
> 
> or *.abc.com  ...
> 
> This is very unsecured as any javamail can
> impersobate
> me as the postmaster@abc.com and send any stuffs out
> on my behalf.
> 
> Can someone enlighten me on this issue??
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> james-user-help@jakarta.apache.org
> 


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org