Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

E-mail authentication on SMTP server

0 views
Skip to first unread message

Ludwig77

unread,
Jul 31, 2003, 2:36:38 PM7/31/03
to
I've been reading where an e-mail server, such as an Exchange server,
will typically only relay e-mail from internal senders upon user
authentication.

Questions
1. Why is it then that I can telnet to our corporate SMTP server and
send an e-mail out? I don't see where the SMTP server is requesting
authentication. Understand that I'm either sending from one of our
corporate domains or to a corporate domain. We don't have an open
relay.

2. Can an SMTP server also authenticate by the client's IP address?
Perhaps that's what's occuring when I send mail outbound thru our SMTP
server via telnet.

Barry Margolin

unread,
Jul 31, 2003, 3:19:41 PM7/31/03
to
In article <8d273a25.03073...@posting.google.com>,

Ludwig77 <gregr...@yahoo.com> wrote:
>2. Can an SMTP server also authenticate by the client's IP address?
>Perhaps that's what's occuring when I send mail outbound thru our SMTP
>server via telnet.

That's what is usually done. User-specific authentication is generally
only used when you need to support users coming from remote networks and
using the server to relay outgoing mail.

--
Barry Margolin, barry.m...@level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Ludwig77

unread,
Aug 1, 2003, 10:41:16 AM8/1/03
to
Barry Margolin <barry.m...@level3.com> wrote in message news:<hZdWa.12$hu...@news.level3.com>...

> In article <8d273a25.03073...@posting.google.com>,
> Ludwig77 <gregr...@yahoo.com> wrote:
> >2. Can an SMTP server also authenticate by the client's IP address?
> >Perhaps that's what's occuring when I send mail outbound thru our SMTP
> >server via telnet.
>
> That's what is usually done. User-specific authentication is generally
> only used when you need to support users coming from remote networks and
> using the server to relay outgoing mail.

Then why does my corporation (and every corporation that I've ever
worked for that uses e-mail) require me to fill in the password for my
e-mail account before allowing to pop or send? Please keep in mind
that I'm on site, not a remote user.

Mike Mann

unread,
Aug 1, 2003, 11:00:52 AM8/1/03
to
On 1 Aug 2003 07:41:16 -0700, gregr...@yahoo.com (Ludwig77)
wrote:

>Barry Margolin <barry.m...@level3.com> wrote in message news:<hZdWa.12$hu...@news.level3.com>...
>

>> That's what is usually done. User-specific authentication is generally
>> only used when you need to support users coming from remote networks and
>> using the server to relay outgoing mail.
>
>Then why does my corporation (and every corporation that I've ever
>worked for that uses e-mail) require me to fill in the password for my
>e-mail account before allowing to pop or send? Please keep in mind
>that I'm on site, not a remote user.

You may be confusing a client requirement with a server
reqirement. Many email client programs (MUAs) require a password
to be entered because they perform dual functions, that of an
SMTP client for the sending of outgoing mail and a POP3 or IMAP
client for the reading of incoming email. POP3 and IMAP require
a password, so the program asks you for one. SMTP usually
doesn't.

Mike.

0 new messages