On Sun, 10 Jun 2007, william(at)elan.net wrote:
Sendmail does not authenticate automatically or otherwise. What it does
is to use as RFC2821 MAIL FROM account of the user that invoked it or
when "-f" option is used puts out account of the user in the trace data.
This is not authentication, this is reporting of the user data, so its
like you connecting to open relay mail system and that system properly
puts in Received line with ip address of where you connected from and then
forward your email without checking if you're allowed to relay or not.
You seem to be confusing authentication and authorization. Sendmail
authenticates local senders but does not (by default) have any controls
over which users are authorized to send email.
The same is true for the university email system that I help run: any
account that exists (can be authenticated either as a Unix user on the
old timesharing service or via SASL for modern message submission) is
authorized to send email.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
HUMBER THAMES: NORTHERLY 3 OR 4. SLIGHT. FOG PATCHES AND SHOWERS. MODERATE OR
GOOD, OCCASIONALLY VERY POOR.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf