> The  story  is  that  one  of my users is overseas. She somehow sent
> messages  from  a foreign host to other users. Since the sender host
> was  not  local/internal  AND the from was legit, I wanted to reject
> the message.

That's  a pretty strange business case, since you haven't specifically
said whether the e-mail content was legitimate or not.

Generally  speaking,  as  Eric  suggested,  SPF  is the perfect way to
prevent  such  forgeries.  But you have to be willing, at the business
level,  to  say, "That mail is nothing more than spam." And you're not
just  saying  it  to  your  other  internal users, you're publishing a
policy  to  other  servers that consult SPF records that says, "Reject
this  mail  now."  If you're ready, I'm fully behind you. I think more
domain owners need to take such tough stands, and it's your right. But
I  caution  you  to  think about your traffic trends before you harden
this  area. Do these people have another way to send from your allowed
IPs?  Do  you offer client-to-site VPN? Are you going to force webmail
from  the  road?  Just  be  ready  for  the flak and have well-written
workarounds ready.

> How  do  I  set  up  IMail  when  it  communicates with internal and
> external hosts via one network port?

I  don't  think that has anything to do with your issue at this point.
If you have one NIC, one private IP, one public IP, one domain, you're
fine.  You may, however, be interested in IMail's alternate submission
port.  Imail  can  listen  on a secondary port, preferably TCP 587, to
which your internal users can authenticate to send mail. Outside users
can't  use  this  port,  because  they don't have credentials. Using a
non-well-known  port  means  that users on consumer ISPs or in hotels,
etc. that block outbound port 25 will still be able to connect.

--Sandy


------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
  http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
  
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
  
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to