risk users to lose faith in the reliability of the system. If I have a
problem with this layout, I'd have to argue elsewhere.
No one so far seems particularly surprised by my findings, and I mostly
expected this. However, this has given me a few items to explore with the
provider that I didn't
that "misguided attempt to secure SMTP [leading to more problems]").
Perhaps because you could easily forge a submission as a relay?
On Tue, Apr 18, 2023 at 6:23 AM Jaroslaw Rafa via Postfix-users <postfix-users@postfix.org> wrote:
> Dnia 17.04.2023 o godz. 19:59:48 Tyl
> One important piece of information is missing here: on what port?
Good catch. Port 25.
> There should be no authentication on port 25 and all mail destined for
> local domains should be accepted.
>
> There should be mandatory authentication on ports 465/587.
>
> As both acme.com and corley.com
> Please keep replies on list.
> You've explained what's observable, but not why it's a problem.
> Any random server on the internet can send to b...@corley.com without
> authentication. The original sender may or may not authenticate to
> *their* mail server, corley.com cannot control that. So corl
Before getting started, this has been publicly disclosed by someone else a
while ago. However, I still don't think it's necessary to name the
organization to explain myself. My goal here is not only to give a proper
argument to the provider, but also my own curiosity and research (on the
workings o