SMTP clients sending credentials when not required

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
New user
New user
Posts: 1
Joined: 2012-02-16 17:14

SMTP clients sending credentials when not required

Postby bjackson » 2012-02-16 17:32

I am looking at using hMailServer as an outgoing SMTP server at a hotel. We want to check all outgoing SMTP traffic for spam and viruses before it leaves our network. We can intercept all SMTP traffic and send it to hMailServer.

For our purpose we must allow the Guest network IP range to allow deliveries from external to external without authentication. Our problem occurs when a guest automatically sends credentials to hMailServer, since we have no user accounts the connection is refused as the user doesn't exist on the server.

Is there a way to tell hMailServer to accept any credentials presented as valid for an IP range? I look at the scripting options, but there doesn't appear to be an event the fires at the proper time.

Thanks for any assistance.

User avatar
Posts: 14124
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP clients sending credentials when not required

Postby mattg » 2012-02-19 14:40

I think that you could do that with scripting...

I'm guessing that even if you could do what you want, it will be on no avail, because hmailserver won't send those credentials on to whichever server was intended to receive them.

Most places simply block all port 25 traffic via their wifi and wired networks.
Any guest needs to send mail they use Webmail from their ISP, or control their own mailserver and use different ports
Just 'cause I link to a page and say little else doesn't mean I am not being nice.

New user
New user
Posts: 19
Joined: 2011-10-23 23:47

Re: SMTP clients sending credentials when not required

Postby MrGadget » 2012-02-22 07:55

...and you're way out of line injecting yourself as a silent man-in-the-middle to receive those credentials in the first place. Close port 25 and be out of it. Otherwise you need to post a really large sign that advises all users that you're wire-tapping their internet traffic.

Return to “General discussions”

Who is online

Users browsing this forum: No registered users and 2 guests