This would be a good use of SPF and an alternate SMTP port like port 587 with AUTH.
You do not want other servers so send email with a from of your domain. You want here ot use your server to send email from your domain. Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Sanford Whiteman > Sent: Friday, February 24, 2006 12:09 AM > To: Adam Campbell > Subject: Re[2]: [IMail Forum] blocking messages from my domain > > > > The story is that one of my users is overseas. She > somehow sent > > messages from a foreign host to other users. Since the > sender host > > was not local/internal AND the from was legit, I wanted > to reject > > the message. > > That's a pretty strange business case, since you haven't > specifically said whether the e-mail content was legitimate or not. > > Generally speaking, as Eric suggested, SPF is the > perfect way to prevent such forgeries. But you have to be > willing, at the business level, to say, "That mail is > nothing more than spam." And you're not just saying it to > your other internal users, you're publishing a policy to > other servers that consult SPF records that says, "Reject > this mail now." If you're ready, I'm fully behind you. I > think more domain owners need to take such tough stands, and > it's your right. But I caution you to think about your > traffic trends before you harden this area. Do these people > have another way to send from your allowed IPs? Do you > offer client-to-site VPN? Are you going to force webmail from > the road? Just be ready for the flak and have > well-written workarounds ready. > > > How do I set up IMail when it communicates with > internal and > > external hosts via one network port? > > I don't think that has anything to do with your issue at > this point. If you have one NIC, one private IP, one public > IP, one domain, you're fine. You may, however, be interested > in IMail's alternate submission port. Imail can listen on > a secondary port, preferably TCP 587, to which your internal > users can authenticate to send mail. Outside users can't use > this port, because they don't have credentials. Using a > non-well-known port means that users on consumer ISPs or > in hotels, etc. that block outbound port 25 will still be > able to connect. > > --Sandy > > > ------------------------------------ > Sanford Whiteman, Chief Technologist > Broadleaf Systems, a division of > Cypress Integrated Systems, Inc. > e-mail: [EMAIL PROTECTED] > > SpamAssassin plugs into Declude! > > http://www.imprimia.com/products/software/freeutils/SPAMC32/do wnload/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/downloa d/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/re lease/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
