search

voodoodyne / subethasmtp

SubEtha SMTP is a Java library for receiving SMTP mail
Other
343 stars 138 forks source link

Authentication related query #74

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
This is more of query than an issue.
When subetha is initialized with an appropriate AuthenciationHandlerFactory
and client sends AUTH command things work fine and client gets authenticated.
But what happens if client skips the auth command and issues
MAIL FROM: ,RCPT TO: or data command.

The request would be processed by implementation of MessageHandler.

Does this not mean that client can bypass the authentication ?

Same also applies when tls is enabled.

Kindly correct me if my understanding is wrong.

Regards,

Original issue reported on code.google.com by jitsonf...@gmail.com on 11 Jan 2015 at 2:22

GoogleCodeExporter commented 9 years ago 
Maybe only in trunk, but the SMTPServer constructor Javadoc answers your 
question. I copy it to here:

@param authHandlerFact
the {@link AuthenticationHandlerFactory} which performs
authentication in the SMTP AUTH command. If null,
authentication is not supported. Note that setting an
authentication handler does not enforce authentication, it
only makes authentication possible. Enforcing authentication
is the responsibility of the client application, which usually
enforces it only selectively. Use
{@link Session#isAuthenticated} to check whether the client
was authenticated in the session.

In addition to that, there is a relatively new feature in trunk, which mandates 
authentication, see SMTPServer.setRequireAuth:
@param requireAuth true for mandatory smtp authentication, i.e. no mail
mail be accepted until authentication succeeds.
Don't forget to set AuthenticationHandlerFactory to allow
client authentication. Defaults to false.

Original comment by hontvari@flyordie.com on 11 Jan 2015 at 5:45

GoogleCodeExporter commented 9 years ago 
Thank you for your response.
I'm currently using 3.1.7 version.
However I don't see requireAuth related getter or setter methods in SMTPServer 
class.
Could you kindly help me with version of subetha in which this feature has been 
added.

Regards,

Original comment by jitsonf...@gmail.com on 11 Jan 2015 at 6:19

GoogleCodeExporter commented 9 years ago 
It is in trunk, you have to buld the jar if you want to use it.

Original comment by hontvari@flyordie.com on 11 Jan 2015 at 6:30

GoogleCodeExporter commented 9 years ago 
Thanks a lot for your time.

Original comment by jitsonf...@gmail.com on 12 Jan 2015 at 2:47