I’m confused.
He shouldn’t be able to use your SMTP unless he is:
- Coming from a
trusted IP
- Authenticating with
an active account and password,
If you are
using Declude maybe you can add your own domain to a spam domains test if he
is using @yourdomain.com maybe this could add enough weight to it to prevent
it from getting through. OR I think you can whitelistauth if you
are using IMAIL 8 so anyone who authenticates will be whitelisted. I’m
tired and I feel like I’m rambling…. Hopefully someone will clear up what I am
trying to say.
Marc
-----Original
Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dale McDiarmid
Sent: Wednesday, March 10,
2004 10:05
PM
To:
[EMAIL PROTECTED]
Subject: Re: [IMail Forum] Non-existent
user able to send to localhost users
At 05:52 PM 3/10/2004, you
wrote:
On Wednesday, March 10,
2004, 19:22:19, Brad Morgan wrote:
> ...
> Let me see
if I have this right...
>
> Dale says he's setup for no
relay.
>
> I believe that if you have no relay set then only users
that authenticate
> can send mail through your server (to other
domains).
Correct.
> If you have relay for IP addresses set,
then only those IPs can send
> through your server (to other domains)
without authenticating
> (authentication is still allowed). In all
cases, anyone can send mail
> addressed to your
domain.
Correct.
> If I'm right, then when you "fire" an
employee, you delete his email
> account (or change its password) and
they can no longer use your
> server to send email to the
outside.
Correct but if I read his question correctly he's not
complaining about
the ex-employee relaying
thru his server to the outside,
he's
complaining about the ex-employee sending to other employees.
That is what I'm concerned about
here, yes.
> The above employee can, however,
send mail claiming he is still @yourdomain
> if he can find an SMTP
server to use. This is the classic spoofed from
> address. I
guess its easy enough to forget to change that information in
> your
profile and if the new SMTP server doesn't check...
>
My problem is there's no "..if he can
find an SMTP server to use". He already knows an SMTP server to use. Mine.
> If I understand SPF correctly, it
prevents this last case.
Yes.
> If you verify the from
address, doesn't that also prevent this last
> case (at least for mail
sent to your domain)?
Yes.
According to IMail, if I use the
Verify MAIL FROM Address feature (as found on the Connection Filtering tab of
Antispam feature), then no one can send anything unless I add Trusted IP
Addresses.
I'll research SPF, but the way I understand it;
without SPF I'm stuck with choosing between
A) Not authenticating
anyone who says they're from my domain (and knows my SMTP) as long as they're
sending to someone in my domain,
B) Prevent emps from using email from at
home on
dialup.
Thx,
D.
