On Friday 08 June 2001 12:37, Leah Cunningham wrote:
- > I don't think this is about relaying. Spoofing a from-address can be done - > without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah but I could do mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Feature is also called allow 'mail based on envelope from': FEATURE(relay_local_from) Which is not in the default SuSE sendmail config ( or any newer sendmail config). It is the only way to allow false envelopes in, aside from the promiscuous relay feature, which just allows anything whatsoever at all in:-). Sendmail does an nslookup on your domain, so it checks no matter what you give as a from address. The only spoofing you could do (that I can think off) is to spoof your IP address, which is hard to do, to say the least. -- Cheers, Joost