james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: Open relay with SMTP-AUTH
Date Wed, 31 Jul 2002 01:55:32 GMT
Peter,

Internally, messages are sent by calling James.sendMail(), which calls
spool.store() to put the message on the incoming message spool.  If you look
at SMTPHandler, you'll see that it does the same thing.  It calls
mailServer.sendMail(), which it sounds as if you've already noticed.

	--- Noel

-----Original Message-----
From: Peter M. Goldstein [mailto:peter_m_goldstein@yahoo.com]
Sent: Tuesday, July 30, 2002 20:48
To: 'James Developers List'
Subject: RE: Open relay with SMTP-AUTH



Noel,

That looks right.  The relevant logic is in the SMTPHandler.

Does the LocalDelivery bounce even invoke the SMTPHandler?  I don't see
why it wouldn't just place an outgoing message on the spool directly.
That's what it appears to do.

I'm going to play with some configurations here and see what happens...

--Peter

> -----Original Message-----
> From: Noel J. Bergman [mailto:noel@devtech.com]
> Sent: Tuesday, July 30, 2002 4:39 PM
> To: James Developers List
> Cc: farsight@alum.mit.edu
> Subject: RE: Open relay with SMTP-AUTH
>
> Seems like we have the following combination:
>
>                       local receiver      remote receiver
>   local sender             OK                   OK
>   remote sender            OK                  DENY
>
> with respect to null senders, which is the same as for other messages.
> Am I missing something?
>
> 	--- Noel
>
> -----Original Message-----
> From: Hontvari Jozsef [mailto:hontvari@solware.com]
> Sent: Tuesday, July 30, 2002 16:03
> To: James Developers List; farsight@alum.mit.edu
> Subject: Re: Open relay with SMTP-AUTH
>
>
> > If we're going to enforce that mail will null senders does not leave
the
> > host, then this should be:
>
> Maybe this assumption originates from me, sorry. It is not true. I
have
> fogotten that bounce messages generated by james also went through the
> mailet spool (or am I wrong again?).
>
> At least the bounces generated locally by james must leave the server
(and
> the bounces MUST have null sender accordingly to RFC 1123 5.3.3).
>
> I agree on that preventing open relay should not require adding
mailets to
> the default configuration file.
>
> ----- Original Message -----
> From: "Peter M. Goldstein" <peter_m_goldstein@yahoo.com>
> To: "'James Developers List'" <james-dev@jakarta.apache.org>
> Sent: Tuesday, July 30, 2002 8:54 PM
> Subject: RE: Open relay with SMTP-AUTH
>
>
> >
> > All,
> >
> > From Serge's description it just seems that the not null sender
check is
> > unnecessary.  The code now is:
> >
> >             // If this is a delivery failure notification (MAIL
FROM:
> > <>)
> >             //   we don't enforce authentication
> >             if (authRequired && state.get(SENDER) != null) {
> >                 // Make sure the mail is being sent locally if not
> >                 // authenticated else reject.
> >                 if (!state.containsKey(AUTH)) {
> >                     String toDomain = recipientAddress.getHost();
> >                     if (!mailServer.isLocalServer(toDomain)) {
> >                         out.println("530 Authentication Required");
> >                         getLogger().error("Authentication is
required
> > for mail request");
> >                         return;
> >                     }
> >                 } else {
> >
> > If we're going to enforce that mail will null senders does not leave
the
> > host, then this should be:
> >
> >             // If this is a delivery failure notification (MAIL
FROM:
> > <>)
> >             //   we don't enforce authentication
> >             if (authRequired) {
> >                 // Make sure the mail is being sent locally if not
> >                 // authenticated else reject.
> >                 if (!state.containsKey(AUTH)) {
> >                     String toDomain = recipientAddress.getHost();
> >                     if (!mailServer.isLocalServer(toDomain)) {
> >                         out.println("530 Authentication Required");
> >                         getLogger().error("Authentication is
required
> > for mail request");
> >                         return;
> >                     }
> >                 } else {
> >
> >
> > I haven't looked at the LocalDelivery mailet, but I imagine it may
> > require modification to ensure that mails with empty senders that
are
> > routed to non-existent addresses don't bounce.
> >
> > I don't agree that this is a matcher issue.  It shouldn't require
any
> > complex configuration to prevent open relay behavior.  Turning on
SMTP
> > authentication is a standard and expected behavior to prevent open
relay
> > behavior.  Additional configuration of matchers is not.
> >
> > Any thoughts?
> >
> > --Peter
> >
> > > -----Original Message-----
> > > From: Hontvari Jozsef [mailto:hontvari@solware.com]
> > > Sent: Tuesday, July 30, 2002 12:54 AM
> > > To: James Developers List
> > > Subject: Re: Open relay with SMTP-AUTH
> > >
> > > But is it possible at all to configure james correctly?
> > > If he is using smtp authentication, likely he hasn't so called
"local"
> > > hosts.
> > >
> > > This is the required behaviour, when the mail from is empty (i.e.
> > bounce
> > > message):
> > > -if the recipient is local then delivery the message
> > > (-if the recipient is local, but the mailbox does not exist, then
do
> > > nothing, you must not bounce a bounce message)
> > >
> > > -if the recipient is not local but the remote host is
authenticated
> > then
> > > relay the message (although I guess this rarely occurs)
> > > -if the recipient is not local and the remote host is not
> > authenticated
> > > then
> > > do nothing (usual servers simply would not accept the mail)
> > >
> > > BUT: there is no matcher which can decide if the sender is
> > authenticated
> > > or
> > > not, so we cannot configure correctly.
> > >
> > > I think the best configuration - which can be done at this moment
-
> > simply
> > > removes the message if the recipient isn't local and the sender is
> > empty.
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Serge Knystautas" <sergek@lokitech.com>
> > > To: "James Developers List" <james-dev@jakarta.apache.org>;
> > > <farsight@alum.mit.edu>
> > > Sent: Tuesday, July 30, 2002 8:21 AM
> > > Subject: Re: Open relay with SMTP-AUTH
> > >
> > >
> > > > Even if you have a server that only is accepting SMTH AUTH, it's
> > still
> > > best
> > > > practices to accept "MAIL FROM: <>" messages (i.e., you can't
just
> > > disable
> > > > that).  That said, messages with a null sender should not leave
your
> > > server,
> > > > so I think it's either a conf issue or a bug in some matcher
that
> > isn't
> > > > probably capturing that and preventing the relaying.
> > > >
> > > > Serge Knystautas
> > > > Loki Technologies
> > > > http://www.lokitech.com/
> > > >
> > > > ----- Original Message -----
> > > > From: "Peter M. Goldstein" <peter_m_goldstein@yahoo.com>
> > > > To: "'James Developers List'" <james-dev@jakarta.apache.org>
> > > > Sent: Monday, July 29, 2002 8:21 PM
> > > > Subject: FW: Open relay with SMTP-AUTH
> > > >
> > > >
> > > > >
> > > > > All,
> > > > >
> > > > > I've just confirmed this on the latest code base.  The cause
is
> > pretty
> > > > > obvious - there is a comment in SMTPHandler.java:
> > > > >
> > > > >             // If this is a delivery failure notification
(MAIL
> > FROM:
> > > > > <>)
> > > > >             //   we don't enforce authentication
> > > > >             if (authRequired && state.get(SENDER) != null)
{
> > > > >
> > > > > Removing the (state.get(SENDER) != null) clause closes the
open
> > relay.
> > > > >
> > > > > But can anyone clarify the comment?  Is this comment referring
to
> > > > > messages being generated by the James server in response to
local
> > > > > delivery failures?  Clearly the code as it stands in
insecure...
> > > > >
> > > > > --Peter
> > > > >
> > > > > -----Original Message-----
> > > > > From: bonadio@intersearch.com.br
> > [mailto:bonadio@intersearch.com.br]
> > > > > Sent: None
> > > > > To: james-user@jakarta.apache.org
> > > > > Subject: Open relay with SMTP-AUTH
> > > > >
> > > > >
> > > > > Hello
> > > > >
> > > > > I think I found a bug when using SMTP-AUTH
> > > > >
> > > > > if you enable smtp-auth and sends a <> as the sender
> > > > > the servers allows the relay of any message, if you
> > > > > specify a correct email address the server enforces the
> > authentication
> > > > >
> > > > > I created a patch for this, is there any other solution?
> > > > >
> > > > > following a session that shows the problem
> > > > >
> > > > > Trying XXXXXX...
> > > > > Connected to XXXXXXXXX.
> > > > > Escape character is '^]'.
> > > > > 220 myMailServer SMTP Server (JAMES SMTP Server 2.0a3-cvs)
ready
> > Mon,
> > > 29
> > > > > Jul 2002 20:31:04 -0400
> > > > > helo test
> > > > > 250-myMailServer Hello test (XXXXXXX)
> > > > > 250 AUTH LOGIN PLAIN
> > > > > mail from: <>
> > > > > 250 Sender <> OK
> > > > > rcpt to: <abuse@abuse.org>
> > > > > 250 Recipient <abuse@abuse.org> OK
> > > > > .....
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail:
> > > > <mailto:james-dev-unsubscribe@jakarta.apache.org>
> > > > > For additional commands, e-mail:
> > > > <mailto:james-dev-help@jakarta.apache.org>
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > To unsubscribe, e-mail:
> > > <mailto:james-dev-unsubscribe@jakarta.apache.org>
> > > > For additional commands, e-mail:
> > > <mailto:james-dev-help@jakarta.apache.org>
> > > >
> > > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:   <mailto:james-dev-
> > > unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail: <mailto:james-dev-
> > > help@jakarta.apache.org>
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:james-dev-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> <mailto:james-dev-help@jakarta.apache.org>
> >
> >
>
>
> --
> To unsubscribe, e-mail:   <mailto:james-dev-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:james-dev-
> help@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail:   <mailto:james-dev-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:james-dev-
> help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>


Mime
View raw message