[Kolab-devel] How to switch off Kolab's anti-spoof?

[Thomas Black]

Hey Stephan

Thanks for the responses!

> Edit /kolab/etc/kolab/templates/resmgr.conf.template, all the magic is in
> there...

Nah, I couldn't see it in there. Unless I'm misreading those options,
it seems as though that file basically mirrors the options in the web
interface.

I did however, find it inside smtp_kolabpolicy, line 285:

<--- snip <---
    if( contains( $username, \@uids ) ) {
      mylog($syslog_priority, "$username using $sender is OK,
accepting") if $verbose;
      return "DUNNO";
<--- snip <---

Basically, that seems to check if the uids associated with $sender
fits with username - basically so that authenticated users can't send
mail from another user's email addy. However, if receiving mail via a
relay, $username is undefined and so this check always fails, so mail
from a local addy via a relay is never accepted.

I changed this to:

<--- snip <---
    if( !$username || contains( $username, \@uids ) ) {
      mylog($syslog_priority, "$username using $sender is OK,
accepting") if $verbose;
      return "DUNNO";
<--- snip <---

So if mail is sent via a relay using a valid local $sender without
authentication, it still accepts it. Same strict requirements are
there for authenticated users though.

Apart from the (acceptable) risk of a forged local sender, I can't
think of any other security issues, like making the system open relay
or anything like that.

smtp_kolabpolicy isn't generated in any way is it, like the rest of
the conf files?

Cheers

-Thomas