> I have a big big question. How can users create aliases for themselves?
> For example, user John Smith has username jsmith. He can create more
> than 1 email account like [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED], etc. I have no idea how this works but my supervisor
> has been telling me that customers can create their own aliases...

They can't.  They probably have a limited understanding of E-mail, and set the 
"Reply-To" address in their E-mail client to "[EMAIL PROTECTED]" or "[EMAIL PROTECTED]".  
They then think that that is their address, since they can send mail perfectly fine 
that way.  But they won't be able to receive mail at that address!

IMail has no control over what addresses people pretend to be coming from.  They only 
control the real addresses.  So anyone can put any return address in their E-mail 
client, no matter what kind of security you may have.

> ... and this led to the open relay hole problem. 

Not true.  Being able to use any return address is something that you have no control 
over.  What led to the open relay problem is that you allow anyone to send mail 
through your system.  If you don't want to be an open relay, unfortunately you have to 
restrict to certain IP addresses and use SMTP AUTH for those coming from elsewhere.

> *people create aliases on the IMail server and sent SPAM, which makes
> it look like the SPAM is from you* 

That would be very likely if you set your system to only allow E-mail from your hosts.
That way, you force spammers to use an address at your site (which makes for a LOT
more work for you when someone spams through your system, since the recipients will
think you allowed it, since it appears to be a legitimate account on your system).

> I look in the Alias folder but all I see is root, postmaster,
> listserve. Where should I look??? 

That should be it.  It sounds like they are pretending to have addresses that they do 
not have.

> One last question. In attempting to close the open relay hole
> problem, if I chose relay for Addresses only, users need to 
> enable SMTP authentication. However, in Netscape/IE browser, it
> doesn't seem to have such an option.

It is there somewhere.  Keep looking.  I would tell you, except I don't use 
Netscape/IE mail clients.

> My supervisor is not very happy about all this. She wants everybody
> to be able to send mail using any kind of mail program.

Then tell her that if she wants everybody to be able to send mail, she will be 
allowing spammers to use the mail server.

> She asked if there is any way to disable the Alias feature for users.
> (since she thinks users have the ability to create aliases themselves
> and that's the reason why we got hijacked) 

You need to explain to her that the aliases have nothing to do with it.  If they 
wanted to, they could use a return address that is the same as your address.  Or my 
address.  But they can't receive mail.  No E-mail software can prevent people from 
using the "aliases" that your boss refers to (return address).
                               -Scott
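
Added example, not part of the original message and not IMail's own code: a relay check sketched in Python that decides on client IP, SMTP AUTH and recipient domain, next to a policy that trusts the return address. The domain, network range and all function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample policy values (assumptions, not from the original post).
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def relay_decision(client_ip, authenticated, mail_from, rcpt_to):
    """Return (accept, reason) for one RCPT TO command.

    mail_from is a parameter only to show that it plays no part in the
    decision: the client chooses it freely, so it proves nothing.
    """
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        return True, "local delivery"          # inbound mail for our users
    if authenticated:
        return True, "relay: SMTP AUTH"        # roaming user who logged in
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return True, "relay: trusted network"  # our own hosts
    return False, "550 relaying denied"


def relay_for_local_senders(client_ip, authenticated, mail_from, rcpt_to):
    """Weak policy for comparison: relays when the return address looks local."""
    sender_domain = mail_from.rsplit("@", 1)[-1].lower()
    if sender_domain in LOCAL_DOMAINS:
        return True, "relay: sender looks local"
    return relay_decision(client_ip, authenticated, mail_from, rcpt_to)


def relays_for_stranger(decide):
    """Check a policy the way a relay tester would: unknown IP, no AUTH,
    foreign recipient, and a return address claiming to be a local user."""
    accept, _ = decide("203.0.113.9", False, "jsmith@example.com",
                       "someone@example.net")
    return accept


if __name__ == "__main__":
    for policy in (relay_decision, relay_for_local_senders):
        print(policy.__name__, "open relay:", relays_for_stranger(policy))
```
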