On Wednesday, March 10, 2004, 19:22:19, Brad Morgan wrote:
> ...
> Let me see if I have this right...
>
> Dale says he's setup for no relay.
>
> I believe that if you have no relay set then only users that authenticate
> can send mail through your server (to other domains).
Correct.
> If you have relay for IP addresses set, then only those IPs can send
> through your server (to other domains) without authenticating
> (authentication is still allowed). In all cases, anyone can send mail
> addressed to your domain.
Correct.
> If I'm right, then when you "fire" an employee, you delete his email
> account (or change its password) and they can no longer use your
> server to send email to the outside.
Correct but if I read his question correctly he's not complaining about
the ex-employee relaying thru his server to the outside, he's
complaining about the ex-employee sending to other employees.
That is what I'm concerned about here, yes.
> The above employee can, however, send mail claiming he is still @yourdomain
> if he can find an SMTP server to use. This is the classic spoofed from
> address. I guess its easy enough to forget to change that information in
> your profile and if the new SMTP server doesn't check...
>
My problem is there's no "..if he can find an SMTP server to use". He already knows an SMTP server to use. Mine.
> If I understand SPF correctly, it prevents this last case.
Yes.
> If you verify the from address, doesn't that also prevent this last
> case (at least for mail sent to your domain)?
Yes.
According to IMail, if I use the Verify MAIL FROM Address feature (as found on the Connection Filtering tab of Antispam feature), then no one can send anything unless I add Trusted IP Addresses.
I'll research SPF, but the way I understand it; without SPF I'm stuck with choosing between
A) Not authenticating anyone who says they're from my domain (and knows my SMTP) as long as they're sending to someone in my domain,
B) Prevent emps from using email from at home on dialup.
Thx,
D.
