Relaying in MDAEMON.

From: buggzy (alienhardat_private)
Date: Thu Aug 16 2001 - 22:42:24 PDT

    It seems that the MDaemon SMTP server can be used for unauthorized
    relaying. Mail can be relayed when sent "FROM or TO known user", which
    means that mail sent "from" an account of one of the served domains can
    always be relayed. There is no problem specifying any "from" user, for
    example, the system account "mdaemon".
    
    220 bepe ESMTP MDaemon 4.0.5 UNREGISTERED; Thu, 16 Aug 2001 11:38:54 +0600
    > helo somedomain
    250 bepe Hello somedomain, pleased to meet you
    > mail from: mdaemon@bepe
    250 <mdaemon@bepe>, Sender ok
    > rcpt to: alienhardat_private
    250 <alienhardat_private>, Recipient ok
    
    The message was successfully sent. Additionally, you can specify a
    "Reply-To" field in the message header, and the mail client will reply
    to the correct address.
    
    I can't find any configuration which will disallow it. It looks like a
    design error - poor criteria. Maybe expert MDaemon users can show whether
    it is right or wrong.
    
    Tested: Mdaemon Pro 4.0.5
    
    buggzyat_private, Nerf Security Group
    http://www.nerf.ru
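
Added example, not part of the original post and not MDaemon's code: a comparison of the relay criterion the post describes ("FROM or TO known user") with a stricter policy that ignores the unverified MAIL FROM. The function names, the trusted network range, and the sample sessions are assumptions constructed for illustration; only the domain "bepe" and the "mdaemon" account come from the transcript above.

```python
# Added example: relay decision logic. All names are hypothetical.
import ipaddress

LOCAL_DOMAINS = {"bepe"}  # domain served in the post's transcript
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed (documentation range)

def domain_of(addr):
    """Return the lower-cased domain part of an envelope address."""
    return addr.strip("<>").rpartition("@")[2].lower()

def flawed_allows(mail_from, rcpt_to):
    """Criterion described in the post: relay if FROM *or* TO is local.
    MAIL FROM is client-supplied and unverified, so any client can pass."""
    return (domain_of(mail_from) in LOCAL_DOMAINS
            or domain_of(rcpt_to) in LOCAL_DOMAINS)

def strict_allows(mail_from, rcpt_to, client_ip, authenticated=False):
    """Accept mail for local recipients; relay outward only for clients
    identified by something the envelope cannot forge (authentication
    or a trusted source network). mail_from is deliberately ignored."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return True  # inbound delivery, not a relay
    ip = ipaddress.ip_address(client_ip)
    return authenticated or any(ip in net for net in TRUSTED_NETS)

# Constructed sessions: (MAIL FROM, RCPT TO, client IP, authenticated)
SESSIONS = [
    ("mdaemon@bepe", "someone@example.org", "198.51.100.7", False),  # the post's case
    ("user@bepe", "someone@example.org", "192.0.2.10", False),       # trusted LAN client
    ("user@bepe", "someone@example.org", "198.51.100.7", True),      # authenticated user
    ("x@example.net", "user@bepe", "198.51.100.7", False),           # inbound mail
    ("x@example.net", "y@example.org", "198.51.100.7", False),       # third-party relay
]

def compare():
    """Return (flawed, strict) decisions for each constructed session."""
    return [(flawed_allows(f, t), strict_allows(f, t, ip, a))
            for f, t, ip, a in SESSIONS]

if __name__ == "__main__":
    for session, (flawed, strict) in zip(SESSIONS, compare()):
        print(session, "flawed:", flawed, "strict:", strict)
```

The first session is the one in the transcript: the flawed criterion relays it because the sender claims a local address, while the strict policy rejects it.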
    


