> The trouble with SMTP is that the E-Mail sender is
> (usually) not verifiable. If you are just using NOTES
> to relay out to the Internet this shouldn't be an
> issue. However, if you are going to allow Notes <=> VM
> then it can be an issue for the Notes users. I think
> the moral is that even on internal systems only trust
> digitally signed e-mails, and then only if you trust
> the PKI.

Another good reason to use a Linux guest for this. It's relatively
straightforward to add headers supplying the originating spool info with
the modern Linux SMTP MTAs (we did it in SMTPPLUS as part of the spool
support, so I know it can be done w/o lots of rocket science), and there
are fairly easy ways to determine if the purported originating ID
actually exists in the CP directory and dump the message if the
originator is bogus. 

You also pick up SMTP authorization, transport encryption, endpoint
authentication, Kerberos support...etc, etc, etc.... all the things that
VM SMTP never got taught to do. 

-- db
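
The origin check described in the reply above, sketched as an added example; it is not part of the original message and is not SMTPPLUS code. The header name `X-VM-Spool-Origin`, the idea of feeding the filter directory source text with `USER`/`IDENTITY` statements, and the sample directory and message are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Hypothetical header name; assumed to be set by the local MTA from spool
# data and stripped from anything arriving from outside.
ORIGIN_HEADER = "X-VM-Spool-Origin"

# Constructed sample directory source (assumed USER/IDENTITY statement layout).
SAMPLE_DIRECTORY = """\
* constructed sample, not a real directory
USER MAINT XXXXXXXX 128M 1000M ABCDEFG
USER ALICE XXXXXXXX 32M 64M G
IDENTITY TCPIP XXXXXXXX 128M 256M ABG
"""

def load_userids(directory_text):
    """Collect user IDs from USER and IDENTITY statements, skipping comments."""
    ids = set()
    for line in directory_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].upper() in ("USER", "IDENTITY"):
            ids.add(fields[1].upper())
    return ids

def check_origin(raw_message, userids):
    """Return (verdict, detail) for one message given the known user IDs."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    origins = msg.get_all(ORIGIN_HEADER, [])
    # Exactly one origin header: a second copy means someone supplied their own.
    if len(origins) != 1:
        return ("reject", "missing or duplicated origin header")
    origin = str(origins[0]).strip().upper()
    if origin not in userids:
        return ("reject", "origin not in directory")
    # The purported sender must be the ID that actually spooled the message.
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.partition("@")[0].upper() != origin:
        return ("reject", "From does not match spool origin")
    return ("accept", origin)

if __name__ == "__main__":
    ids = load_userids(SAMPLE_DIRECTORY)
    sample = "From: alice@vm.example.com\nX-VM-Spool-Origin: ALICE\n\nhello\n"
    print(check_origin(sample, ids))
```

The header is only meaningful if the MTA removes any inbound copy before adding its own, which is why a duplicated header is rejected rather than resolved.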
