On 3/3/2010 2:19 PM, post...@piven.net wrote:
$ telnet mail.mydomain.com smtp
(rcv) 200 your mail server's banner
(snd) HELO whatever
(rcv) 250 your-server's-hostname
(snd) MAIL FROM: whatever
(rcv) 250 2.1.0 Ok
(snd) RCPT TO: your-testing-mailbox
(rcv) 250 2.1.5 Ok
(snd) DATA
(rcv) 354 End data with <CR><LF>.<CR><LF>
(snd) your messsage goes here.
(snd) end it with newline, dot, newline
(snd) .
(rcv) 250 2.0.0 Ok: queued as (something)
(snd) QUIT
(rcv) 221 2.0.0 Bye
Postfix will complain with "I can break things too" if you omit the DATA
command between your last RCPT TO: and the start of your message.
Don
Ok, now I've figured out what is going on. If a user sends a mail and
specifies a From: field in the envelope header, the original From: field
as build from the "mail from:" command is replaced.
so if I wished to prevent anyone from spoofing the envelope from field
by including an email address with my domain in it, is the right answer
to somehow tie in the check for the domain with whether or not the
session is authenticated, similar to allowing only authenticated users
to relay?
Josh
