> Perhaps you should go download your product from your website and > try this yourself rather than just claiming the original poster > didn't read the documentation. I just downloaded a trial version > of 4.0.5 and it relays out of the box. Actually, his statement is accurate -- MDaemon does not allow relaying out-of-the-box. The issue noted by the original poster is not a relay issue, but rather an address spoofing issue. MDaemon has a detailed section on how to prevent this type of activity. Chapter 9, around page 130ish, goes into details about how to protect your system from being used as a relay as well as how to protect it from spam. Although I agree it would seem sensible to set the package up to deny relay and require POP before SMTP, is it now the responsibility of a software vendor to pre-configure every aspect of the software for those who download it? The original poster's claims are inaccurate -- there is in fact a configuration that disallows relaying and to extend from that, there is a feature that will prevent what he detected as well. He did not fully research the matter before posting it to BugTraq and that does a disservice to the open-disclosure community. Translation: This is a configuration issue and a little RTFM would prevent it altogether. Anyone who is considering running a mailserver should be advanced enough to know relaying is an issue with servers, that default configurations seldom account for all possible variables, and that prior to operating a public server it is imperative to RTFM. Since when is it legitimate to post RTFM based issues to BugTraq? James
This archive was generated by hypermail 2b30 : Sun Aug 19 2001 - 09:32:00 PDT