You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-user@james.apache.org by bo...@intersearch.com.br on 2002/07/30 01:28:27 UTC

Open relay with SMTP-AUTH

Hello

I think I found a bug when using SMTP-AUTH

if you enable smtp-auth and sends a <> as the sender
the servers allows the relay of any message, if you
specify a correct email address the server enforces the authentication

I created a patch for this, is there any other solution?

following a session that shows the problem

Trying XXXXXX...
Connected to XXXXXXXXX.
Escape character is '^]'.
220 myMailServer SMTP Server (JAMES SMTP Server 2.0a3-cvs) ready Mon, 29 Jul 2002 20:31:04 -0400
helo test
250-myMailServer Hello test (XXXXXXX)
250 AUTH LOGIN PLAIN
mail from: <>
250 Sender <> OK
rcpt to: <ab...@abuse.org>
250 Recipient <ab...@abuse.org> OK
.....