At 05:52 PM 3/10/2004, Dale McDiarmid [EMAIL PROTECTED] wrote: >>�� ... >> Let me see if I have this right... >> >> Dale says he's setup for no relay. >> >> I believe that if you have no relay set then only users that >> authenticate can send mail through your server (to other domains).
> Correct. >> The above employee can, however, send mail claiming he is still >> @yourdomain if he can find an SMTP server to use. This is the >> classic spoofed from address. I guess its easy enough to forget to >> change that information in your profile and if the new SMTP server >> doesn't check... >> > My problem is there's no "..if he can find an SMTP server to use". He > already > knows an SMTP server to use. Mine. > According to IMail, if I use the Verify MAIL FROM Address feature > (as found on the Connection Filtering tab of Antispam feature), > then no one can send anything unless I add Trusted IP Addresses. > A) Not authenticating anyone who says they're from my domain > (and knows my > SMTP) as long as they're sending to someone in my domain, > B) Prevent emps from using email from at home on dialup. This doesn't make sense to me. You have no relay set so all of your employees are authenticating now, correct? Unless I totally don't understand the option, verify mail from address should just check with your server to see if that user exists. All of the current employees should pass this test. The former employee should fail. If the verify mail from address disables authentication (or you have to disable authentication to use it), then it seems to me that its broken. Guess I'll have to fire up my test server and see how it really works... Regards, Brad To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
