once you let people relay without authentication, it's always hard to impose it.This is the difficult bit Len.....
We have 2 server sets, one for users who dial in directly and pick up/send mail. I've got these locked down by SMTP VRFY
SMTP VRFY provides no lock down, and should be disabled.
and "No Relay"
ok
but those in-house servers can require authenticate from the edge users, so what gets into them is authenticated, justifying your trust of their ip's.The second server is for those clients who have "in-house" mail servers where I can't use SMTP verification by user.
This server is solely for relaying mail from the clients' server and out to the recipient's server. All I can do so far is to add the clients' domain names to the "ACCEPT.LST" file and "Relay for local hosts only". There are no users registered on this server. Now, several of these clients also use dial-in via ISDN to connect so they are assigned an IP address dynamically, that makes it almost impossible to set up "Relay for Addresses"
that's why we have SMTP AUTH.
yes, but it's more $$ MRC, and a fight DSL line by line.Guess I'll have to try and convince them that they really need ADSL or similar with an allocated IP address - now that WOULD be easy.
Better to try to imposed SMTP AUTH on everybody every where. but, easy to say.... All you need is one big "internal" spammer violation to justify SMTP AUTH lockdown on everybody "for their own sake". :))
Len
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
