SMTP验证是为了让用户在通过平常的收发邮件客户端,比如outlook,foxmail,去发邮件的时候,不让别人冒名顶替发邮件或者把服务器当作转发主机发送垃圾邮件的一个控制的手段。我现在做了三种尝试,
通过OE(Outlook express)去发送邮件,可以随便配置帐号和密码,只要找到服务器的IP地址就可以了,不需要提供用户的帐号和密码,就可以发送邮件,这样的话就会被有些人把这个服务器作为转发服务器去发送垃圾邮件:
服务器的缺省配置
OE的配置
服务器配置
需要注意需要在帐号中OE设置一个额外的东西,如下图:
然后再发送邮件的时候需要输入密码,才可以发送自己的邮件。但是存在一个问题,我可以在常规的设置中设置别人的帐号和邮件地址,但是以自己的帐号和口令去发送邮件,就会有冒名顶替发邮件的安全漏洞。
详细的描述如下:
Syntax: SMTPVerifyAuthenticatedSender=value
Description: Specifies whether the SMTP server requires mail sent during an authenticated session to be from the Internet address of the authenticated user.
0 - Do not require the sender to use their Internet address
1- Require the Sender, or From, if Sender header does not exist, to match the Internet address of the authenticated server.
2 - Require the RFC822 From header to match the Internet address of the authenticated user. Sender is not checked, just From is checked.
Applies to: Servers
Default: 0
Notes
This setting does not affect the Router, nor does it affect messages that are not submitted via SMTP.
The SMTPVerifyAuthenticatedSender setting does not work when SMTPTranslateAddresses is configured. Mail is rejected if addresses are translated because the match fails.
The features can only be used with single-address entries in the From or Sender field.
加了这个参数后,如果这个Internet邮件地址设置不正确,邮件是发送不成功的。如下图:
大致试验了这么几个操作,看看大家有什么补充的,我觉得还不是很完整,需要大家的添砖加瓦。
阅读(1806) | 评论(1) | 转发(0) |