SMTP authentication

prashantbhushan

prashantbhushan

Verified User
Joined
Jul 21, 2006
Messages
199
Location
Pune, India.
hello,
How to prevent someone to use my mailserver as SMTP to send mails.
Suppose one mail server is abc.com and my domain test.com is having mail service on this server. if i do the following.

telnet abc.com 25
mail from: [email protected]
rcpt to: [email protected].

This shouldn't work.
But its happening. How to prevent this.


Thanks.
 
i dont see how someone was using your server to send emails.

since test.com is hosted on abc.com server so it is bound to accept emails for test.com domain. So as long as a valid email address (user, forwardrer , catchall) exists abc.com server will accept the emails for [email protected]
 
Then, in this world anybody can send mails to anyone without authentication.

As yahoo account has not authenticated before sending mails to my domain.

Thanks,
Prashant.



rohit said:
i dont see how someone was using your server to send emails.

since test.com is hosted on abc.com server so it is bound to accept emails for test.com domain. So as long as a valid email address (user, forwardrer , catchall) exists abc.com server will accept the emails for [email protected]
Click to expand...
 
i think you have got it wrong. Authentication is needed, if someone wants to use a server for sending emails.
 
I think there's been some confusion in this thread.

If example.com is hosted on your server than anyone who connects to your server can send mail to valid addresses at example.com. If that weren't true, then email wouldn't work at all.

If someone who isn't authenticated on your server tries to send email to [email protected], and example.com is hosted on your server, and someone is a valid email address, the mail will be accepted and delivered. Again, if that weren't true, example.com couldn't get any email from anyone.

But if someone who isn't authenticated on your server tries to send mail to [email protected], that email will be refused, even if [email protected] is a valid email address. Unless you've made changes to your exim.conf file to turn your server into an open relay.

How do your users authenticate? One of two ways:

1) password authentication from their outgoing email client (your MUA) on their desktop.

2) receiving email from an account on their server (this authentication lasts a certain number of minutes only; I believe 15).

Jeff
 
In my server some one send mails from [email protected] to hotmail.comand to gmail.com, but the domain "example.com" not existed in my server. :(

Please let me know how could this possible and how to prevent this?

Regards
Harish
 
Spam issue...

Hi,

In my server, somebody send emails from "[email protected]" to hotmail and gmail accounts, but the domain "example.com" is not hosted with my server.

Please let me know how can this possible? and also please let how to prevent this problem.

Regards
Harish
 
The From: address in an email has nothing to do with authentication. You might consider that a shortcoming of the SMTP protocol, but if it didn't work that way then (for example) mailing lists wouldn't work.

So someone on your server could authenticate either by pop-before-smtp or by password, and use any "From:" field address and still be authenticated. You can limit that (by custom changes to exim.pl); some ISPs do that; for example, I can't send email from my ISP unless I either use their return email address or register with them the return email address I want to use.

Years ago I demonstrated this to a friend of mine by sending him an email with a return address of [email protected], and then forgot to change my MUA back, and the next day when I wrote my contact at Microsoft, she got an email from me that said it was from Bill Gates. She was amused. He wasn't. I learned to not demonstrate it anymore :).

Jeff
 
You must log in or register to reply here.
Back
Top