Brad Morgan wrote:
At 05:52 PM 3/10/2004, Dale McDiarmid [EMAIL PROTECTED] wrote:If his account is deleted from your server, and users have to SMTP AUTH to send mail, he cannot. Now, I can send email from my server when I'm at work, but from home I use my BellSouth account to send as 'me at mydomain'. Unless you can show proof from the headers, he cannot use your server.
... Let me see if I have this right...
Dale says he's setup for no relay.
I believe that if you have no relay set then only users that authenticate can send mail through your server (to other domains).
Correct.
The above employee can, however, send mail claiming he is still @yourdomain if he can find an SMTP server to use. This is the classic spoofed from address. I guess its easy enough to forget to change that information in your profile and if the new SMTP server doesn't check...
My problem is there's no "..if he can find an SMTP server to use". He already > knows an SMTP server to use. Mine.
The verification test basically checks that if I send you an email- either from my server or using BellSouth, IMail will querry my server to verify that my account exists. But IMail already accepted this ex-employee's email, and will insert an X-Header identifying this email as spam. It now has to be properly filtered in order to be deleted or dropped into a different box.According to IMail, if I use the Verify MAIL FROM Address feature
(as found on the Connection Filtering tab of Antispam feature), then no one can send anything unless I add Trusted IP Addresses.
A) Not authenticating anyone who says they're from my domain
(and knows my > SMTP) as long as they're sending to someone in my domain, B) Prevent emps from using email from at home on dialup.
This doesn't make sense to me. You have no relay set so all of your employees are authenticating now, correct?
Unless I totally don't understand the option, verify mail from address should just check with your server to see if that user exists. All of the current employees should pass this test. The former employee should fail.
If the verify mail from address disables authentication (or you have to disable authentication to use it), then it seems to me that its broken.
Guess I'll have to fire up my test server and see how it really works...
Regards,
Brad
And of course, this has no effect to the emails he sends elsewhere using this invalid address.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
