No authentication required?

liorm

Hello,

Running Exim version 4.67, I noticed that when sending through the server and identifying (mail-from) with (any) address from a locally configured domain, no authentication is required for the message to be sent.

When changing the mail from address to a foreign domain - authentication IS required.

Any ideas?
 
Solved after removing the domain from /etc/virtual/whitelist_domains
 
As I've mentioned many times, whitelist_domains is dangerous and should only be used as a temporary fix while trying to figure out what else needs to be fixed to allow email to be sent through.

But I'll repeat again: Do not use whitelist_domains unless absolutely necessary and then only as a temporary measure. Anyone (including spammers) can spoof any from address with a domain in whitelist_domains, and then spam through your server. Or in other words, putting a domain name in whitelist_domains means the server is now an open-relay for all emails with that domain in the from address.

I think it's a useful file, and occasionally even necessary, so I don't want to remove it, but it will probably be better documented in future versions of the exim.conf file.

Jeff
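
A detection sketch for the risk described in this thread, added here as an example (not posted by any participant and not DirectAdmin's own code): it scans Exim main-log lines for mail accepted over SMTP without an `A=` authenticator from a sender domain listed in whitelist_domains and then handed to a remote transport. The log lines, addresses, message IDs and the transport names (`remote_smtp`, `virtual_localdelivery`) are constructed assumptions; adjust them to your own exim.conf.

```python
import re

# Exim main log: "<date> <time> <msgid> <flag> <address> <fields...>"
LINE = re.compile(r"^\S+ \S+ (\S{6}-\S{6}-\S{2}) (<=|=>|->) (\S+)(.*)$")

def load_domains(text):
    """Parse a one-domain-per-line file body, skipping blanks and # comments."""
    return {l.split("#")[0].strip().lower() for l in text.splitlines()
            if l.split("#")[0].strip()}

def find_unauthenticated_relays(log_lines, whitelist, remote_transport="remote_smtp"):
    """Return [(msgid, sender, client, recipient)] for mail that arrived over
    SMTP with no authenticator (no A= field), used a whitelisted sender
    domain, and was then delivered through the remote transport."""
    suspects, hits = {}, []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # "Completed" and other non-address lines
        msgid, flag, addr, rest = m.groups()
        if flag == "<=":
            domain = addr.rpartition("@")[2].lower()
            host = re.search(r" H=(.*?\[[^\]]+\])", rest)  # present only for SMTP input
            if domain in whitelist and host and " A=" not in rest:
                suspects[msgid] = (addr, host.group(1))
        elif msgid in suspects and f" T={remote_transport}" in rest:
            sender, client = suspects[msgid]
            hits.append((msgid, sender, client, addr))
    return hits

# Constructed sample data (not taken from the thread).
WHITELIST = load_domains("# temporary entry\nexample.com\n")
SAMPLE_LOG = [
    "2012-02-02 10:00:01 1RsAbC-0001Xy-2z <= billing@example.com H=(pc.test) [203.0.113.5] P=esmtp S=1432",
    "2012-02-02 10:00:02 1RsAbC-0001Xy-2z => someone@remote.test R=lookuphost T=remote_smtp H=mx.remote.test [198.51.100.7]",
    "2012-02-02 10:05:00 1RsAbD-0001Xz-3a <= user@example.com H=(laptop.test) [203.0.113.9] P=esmtpa A=login:user S=900",
    "2012-02-02 10:05:01 1RsAbD-0001Xz-3a => peer@remote.test R=lookuphost T=remote_smtp H=mx.remote.test [198.51.100.7]",
    "2012-02-02 10:09:00 1RsAbE-0001Y0-4b <= info@example.com H=mx.other.test [192.0.2.44] P=esmtp S=2100",
    "2012-02-02 10:09:01 1RsAbE-0001Y0-4b => liz <liz@example.com> R=virtual_user T=virtual_localdelivery",
    "2012-02-02 10:09:02 1RsAbE-0001Y0-4b Completed",
]

if __name__ == "__main__":
    for hit in find_unauthenticated_relays(SAMPLE_LOG, WHITELIST):
        print("unauthenticated relay via whitelisted sender domain:", hit)
```

Only the first message is reported: the second was authenticated, and the third was inbound mail delivered locally rather than relayed.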
 