I'm surprised to find out that someone can create a user on their email client for a non-existent user on my domain, and they're able to send messages to other valid users on my domain.
That is normal. That's just how E-mail works. If you want to be [EMAIL PROTECTED], you enter that address in your mail client.
That's what SPF ( http://spf.pobox.com ) is designed to help with.
I hope I'm describing this adequately. If not, let me know. I really need to get this controlled. Seems to me a disgruntled employee can continue using his email address to send messages to the company even after I've deleted them from my server.
Yes, but only if he has access to send the E-mail. And if he does, you haven't fired him well. :)
I'm guessing the problem here is that you are using a "Relay for spammers" option in IMail. IMail's SMTP Security options have a number of relaying choices. Of them, only 2 can be used safely (the rest cause you to be an open relay). The two safe options are "Relay for Addresses" and "No Mail Relay".
If you use IMail's "Relay for addresses", you would enter a list of "safe" IP addresses that your users may come from; anyone not coming from those safe IPs would need to use SMTP AUTH. If you use "No mail relay", everyone must use SMTP AUTH to relay mail. Note that relay settings apply only to outgoing E-mail, so no matter what your settings are, your users will still be able to get mail.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
