On Fri, Aug 17, 2001 at 10:49:04AM -0500, Arvel Hathcock <arvelat_private> is thought to have said: > > It seems like that Mdaemon SMTP server can be used for > > unauthorized relaying. Mail can be relayed when sent > > "FROM or TO known user", it means that mail sent "from" > > the account of one of served domains always can be relayed. > > There is no problem to specify any "from" user, for > > example, system account "mdaemon". > > Please read the manual. There are ways of verifying addresses. Also, the > default installation does not allow mail relaying. You have enabled it > yourself. There is a switch setting that prevents this sort of thing and it > is set by default. Perhaps you should go download your product from your website and try this yourself rather than just claiming the original poster didn't read the documentation. I just downloaded a trial version of 4.0.5 and it relays out of the box. If the envelope from you provide matches a valid user (and MDaemon is the default installed server user) at the local domain then you can relay. And here I had been wondering why I was getting so much spam through MDaemon servers that the various open relay blacklists were claiming were secure. Slightly edited examples follow. Tabor A random invalid user fails: 220 example.com ESMTP MDaemon 4.0.5 UNREGISTERED; Fri, 17 Aug 2001 18:11:35 -0400 ehlo blah 250-example.com Hello blah, pleased to meet you 250-ETRN 250-AUTH LOGIN CRAM-MD5 250-8BITMIME 250 SIZE 0 mail from:<blahat_private> 250 <blahat_private>, Sender ok rcpt to:<twellsat_private> 550 <twellsat_private>, Recipient unknown quit 221 See ya in cyberspace A known valid user succeeds: 220 example.com ESMTP MDaemon 4.0.5 UNREGISTERED; Fri, 17 Aug 2001 18:11:52 -0400 ehlo blah 250-example.com Hello blah, pleased to meet you 250-ETRN 250-AUTH LOGIN CRAM-MD5 250-8BITMIME 250 SIZE 0 mail from:<MDaemonat_private> 250 <MDaemonat_private>, Sender ok rcpt to:<twellsat_private> 250 <twellsat_private>, Recipient ok data 354 Enter mail, end with <CRLF>.<CRLF> From: mdaemonat_private To: twellsat_private Subject: Relay Test Blah . 250 Ok, message saved quit 221 See ya in cyberspace And the relayed message it sends:
This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 16:59:42 PDT