james-server-dev mailing list archives

From Ken Lin <kennethlin2...@yahoo.com>
Subject Re: james SMTP authentication enforcement
Date Fri, 10 Mar 2006 02:15:46 GMT
Stefano:
  
  Thanks for pointing that out. I was looking at the older version of the SMTP RFC.
  I will let you know once the code is ready.
  
  Ken

Stefano Bagnara <apache@bago.org> wrote:
Ken Lin wrote:
> Stefano:
>  I went ahead and tested a few other ISPs' and corporations' email. It
> seems when SMTP authentication is not established, many directly reject
> any mail with a sender containing the designated domain name. Here are
> the servers I tested that rejected all spoofs:
>
>     Mail ISP:
>     Gmail: gsmtp183.google.com

I just sent a mail from one of my gmail accounts to another of my gmail 
accounts using their smtp server without authentication and I have been 
successful.
You're probably missing something in the tests, or I don't understand 
what you are testing.

[edentist][/var/log]$ telnet gsmtp163.google.com 25
Trying 64.233.163.27...
Connected to gsmtp163.google.com.
Escape character is '^]'.
220 mx.gmail.com ESMTP 38si1843438nzk
ehlo pippo.com
250-mx.gmail.com at your service
250-SIZE 20971520
250-8BITMIME
250 ENHANCEDSTATUSCODES
mail from: 
250 2.1.0 OK
rcpt to: 
250 2.1.5 OK
data
354 Go ahead
Subject: test

body
.
250 2.0.0 OK 1141947204 38si1843438nzk
quit
221 2.0.0 mx.gmail.com closing connection 38si1843438nzk
Connection closed by foreign host.

And I successfully received the message.

I don't test all the other servers because there is obviously a 
misunderstanding in this conversation.

>  Just to make sure that the code change won't violate the RFC, can you
> let me know the RFC number and section number that mandates any email
> from @xyz.com can be sent to postmaster@xyz.com without SMTP
> authentication? I looked at the following two RFCs from the IETF site
> and couldn't find this mandate:
>   SMTP RFC (821): http://www.ietf.org/rfc/rfc0821.txt
>   SMTP authentication RFC (2554): http://www.ietf.org/rfc/rfc2554.txt

RFC 2821 - Simple Mail Transfer Protocol

4.5.1 Minimum Implementation
    Any system that includes an SMTP server supporting mail relaying or
    delivery MUST support the reserved mailbox "postmaster" as a case-
    insensitive local name.  This postmaster address is not strictly
    necessary if the server always returns 554 on connection opening (as
    described in section 3.1).  The requirement to accept mail for
    postmaster implies that RCPT commands which specify a mailbox for
    postmaster at any of the domains for which the SMTP server provides
    mail service, as well as the special case of "RCPT TO:<Postmaster>"
    (with no domain specification), MUST be supported.

    SMTP systems are expected to make every reasonable effort to accept
    mail directed to Postmaster from any other system on the Internet.
    In extreme cases --such as to contain a denial of service attack or
    other breach of security-- an SMTP server may block mail directed to
    Postmaster.  However, such arrangements SHOULD be narrowly tailored
    so as to avoid blocking messages which are not part of such attacks.

Stefano


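
The rule discussed in this thread (refuse unauthenticated mail whose sender claims a local domain, while still accepting mail for postmaster as RFC 2821 section 4.5.1 requires), sketched as an added Python example. It is not code from James or from either poster; LOCAL_DOMAINS, the function names and the result constants are assumptions.

```python
# Added example, not James code. LOCAL_DOMAINS, the names and the result
# constants are assumptions made for illustration.
LOCAL_DOMAINS = {"xyz.com"}  # constructed sample of served domains

ACCEPT_POSTMASTER = "250 2.1.5 OK"                       # accept without AUTH
REJECT_NEEDS_AUTH = "530 5.7.0 Authentication required"  # spoofed local sender
CONTINUE = None                                          # defer to later checks


def parse_path(arg):
    """Split a MAIL FROM / RCPT TO argument into (local_part, domain).

    The domain is '' for the null sender '<>' and for a bare '<Postmaster>'.
    """
    addr = arg.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if addr.startswith("@") and ":" in addr:   # drop an obsolete source route
        addr = addr.split(":", 1)[1]
    local, sep, domain = addr.rpartition("@")
    if not sep:                                # no '@' present
        local, domain = addr, ""
    return local, domain.lower().rstrip(".")


def is_postmaster(rcpt_to, local_domains=LOCAL_DOMAINS):
    """True for postmaster (any case) at a served domain or with no domain."""
    local, domain = parse_path(rcpt_to)
    return local.lower() == "postmaster" and (domain == "" or domain in local_domains)


def check_rcpt(authenticated, mail_from, rcpt_to, local_domains=LOCAL_DOMAINS):
    """Decide a RCPT command for the sender-domain rule only.

    Relay and recipient-validity checks are out of scope and run afterwards.
    """
    if is_postmaster(rcpt_to, local_domains):
        return ACCEPT_POSTMASTER
    _, sender_domain = parse_path(mail_from)
    if not authenticated and sender_domain in local_domains:
        return REJECT_NEEDS_AUTH
    return CONTINUE
```

The postmaster test runs before the sender test, so the exemption holds even when the envelope sender claims a local domain.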