abhishek singh schrieb: >i have never opened telnet ok , my xinetd service is >off so there is no telnet service , i m doing telnet >to outside to 25 port on my mail server and there is >proper smtp authentication enabled on server , the >problem is anyuser (non-existing) with my domain can >send mail to my real domain users. > > I answered you regarding this question. Didn't you understand it? >below is example........ > >##EXAMPLE 1> > >telnet 192.168.1.4 25 >220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED > > Hell, why do you violate the RFCs? Please do not change things like this if you don't know what harmful things you do. Please read RFC821 <http://www.DNSstuff.com/pages/rfc821.htm> 4.3 (and RFC2821 <http://www.dnsreport.com/tools/rfc.ch?detail=2821> 4.3.1). >In above example u can see in the 1st example the >sender(xyz) is not real user of my domain , still he >is able to sendmail to my real users (abhi). > > http://www.sendmail.org/~ca/email/fake.html >In second scenario sender is able to send mail by >forging domain name by any domain to my domain users. > > Faking sender information is as easy as that 4 year old kids can do so. Why do you wonder about that? This is how (E)SMTP works. You can dislike it, but that's the technical state. To reject true fantasie sender domains just comment in sendmail.mc the line FEATURE(`accept_unresolvable_domains')dnl >Abhishek Kr. Singh > Alexander