[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] SMTP Auth - from address
- Subject: Re: [cobalt-security] SMTP Auth - from address
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Wed, 20 Jun 2001 08:47:45 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
From: "Glen Scott" <glen@xxxxxxxxxxxxxxxxxxxx>
> Yes, sendmail checks whether the domain in the from field is an
> actual domain name, and will reject anything that isn't with a
> "sender domain must exist" error. At least, this is how sendmail is
> set up on our RaQ2 and RaQ3.
Yes but as far as I know, there's know way to check the username, right? So
for example someone authorized to relay through my raq could send things on
behalf of sales@xxxxxxxxxxxx, even though he's not at all affiliated with my
company. We've had this exact thing happen, although by accident (someone
configured sales@xxxxxxxxxxxx instead of sales@xxxxxxxxxxxxxxx as the from
address). AFAIK, there is no way to stop this from occuring. Or is there?
Kevin