As I pointed out, this is what sourceforge does. I haven't checked this, to see how it's done, but I'c be very surprised (to say the least) if it couldn't be done with sendmail Regards Anders On Friday 08 June 2001 20:51, StarTux wrote:
Would be nice if it could check to see if the user actually existed on the system. Or is this too much of a security risk?
Matt
-- "The only thing complex about Linux are the users themselves."
On Fri, 8 Jun 2001, Leah Cunningham wrote:
- > I don't think this is about relaying. Spoofing a from-address can be done - > without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah but I could do mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Even then, one could change the user and leave the correct domain intact for external/internal domains.
- > I just found this out. I had been getting strange entries in my maillog from - > sourceforge servers, and their admins told me it had to do with SMTP - > callback. i.e. finding out if the from-address is valid or not. I think this - > is what's required. But it has nothing to do with relaying, I'm *almost* - > certain :). - > - > On Friday 08 June 2001 16:04, Leah Cunningham wrote: - > > Matt, - > > - > > - > I just wanted to share that with you! The id10t who spammed me even - > > - > tried spoofing the from address to make it look as if it came from my - > > - > own domain, so I forwarded it to them. - > > - > - > > - > Actually, how can one fix this? I am using Sendmail. - > > - > > You need to disable relaying in sendmail. I'm not positive where - > > this is, but I imagine someone else here can tell you, or you could - > > look it up, that's what I ususally do. I thought's SuSE's - > > sendmail.cf took care of this by default, but I don't remember. - > > - > > - > > I can't believe it's not UNIX!!! - > > ------------------------------------------------------------ - > > Leah Cunningham | PPC QA, Business Support & - > > www.heinous.org | QA & Linux geek, et al.
I can't believe it's not UNIX!!! ------------------------------------------------------------ Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.