Thanks, Len. Kinda figured that was what I would find out. Laugh of the day: It was a virus (caught by Declude) that brought the particular instance to my attention. Instructor says he will really get on them now. Ha! That should triple their efforts. Sometimes it scary having 200+ networking hackers (aka students) playing around on YOUR side of the firewall.
John Len Conrad wrote: > > >A networking instructor on campus generously showed his students how to > >send mail from spoofed addresses from within our system. > > ... as if they didn't know already ?? :)) > > >Told them not to do it > > ... tilting at windmills. > > >, but of course they are. (Honestly though, some of them would > >have figured it out for themselves.) > > aw, you must be kidding!! :)) > > >I am set to relay only for two specific subnets on our campus. > > good > > >Other > >security items checked are "Auto-deny possible hack attempts" and > >"Disable SMTP VRFY command". Everything else is unchecked. > > ok > > >Is there a way to verify local addresses only > > no, with "relay for addresses", authentication for relay is by allowed ip > address, nothing else. The "mail from: @senderdomain" is open season for > the jokers. Have you gotten any mail from Osama or sheriff shrub, yet? :)) > > >and still accept outside > >incoming mail? What might be my best options? > > There's nothing in Imail that combines "relay for addresses" AND ONLY IF > "mail from: sender@Imaildomain". > > You could use "relay for local users" to force a @senderlocalmailhost, but > then you are an open relay for spoofers from Internet. > > If you used "no mail relay" then everybody would have to use SMTP AUTH, but > even then, Imail doesn't require the authenticated used to use a > @senderdomain that is a valid IMail host. but at least you could trace in > IMail log who was spoofing the @senderdomain. > > Len > > http://MenAndMice.com/DNS-training > http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K > http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways > > Please visit http://www.ipswitch.com/support/mailing-lists.html > to be removed from this list. > > An Archive of this list is available at: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
