i noticed only by accident that someone was relaying email
through my mail server by pretending to be a known user on the system
and sending email to someone else..
can you change the default install settings on mailenable such that
the default installation, only allows authenticated users access to smtp...
i didnt notice it until i started looking for it...
and the way it was written was a little confusing to understand what the setting thou...
security issue with default setting
-
- Site Admin
- Posts: 4441
- Joined: Tue Jun 25, 2002 3:03 am
- Location: Melbourne, Victoria Australia
We are investigating this. Your right though, the default ME does allow relay where the sender address is local. The reason for this was to prevent a flurry of questions regarding why people cannot send mail from their client (unless they had already worked out how to enable authentication).
There has been much feedback in relation to this and as a result, we have decided to do ay you have suggested but to provide a large information message in the installation.
Thanks for the feedback.
There has been much feedback in relation to this and as a result, we have decided to do ay you have suggested but to provide a large information message in the installation.
Thanks for the feedback.
Regards, Andrew
sounds good...
better to err on the side of caution..
unlike some other software companys we all know lol...
unlike some other software companys we all know lol...