> The story is that one of my users is overseas. She somehow sent > messages from a foreign host to other users. Since the sender host > was not local/internal AND the from was legit, I wanted to reject > the message.
That's a pretty strange business case, since you haven't specifically said whether the e-mail content was legitimate or not. Generally speaking, as Eric suggested, SPF is the perfect way to prevent such forgeries. But you have to be willing, at the business level, to say, "That mail is nothing more than spam." And you're not just saying it to your other internal users, you're publishing a policy to other servers that consult SPF records that says, "Reject this mail now." If you're ready, I'm fully behind you. I think more domain owners need to take such tough stands, and it's your right. But I caution you to think about your traffic trends before you harden this area. Do these people have another way to send from your allowed IPs? Do you offer client-to-site VPN? Are you going to force webmail from the road? Just be ready for the flak and have well-written workarounds ready. > How do I set up IMail when it communicates with internal and > external hosts via one network port? I don't think that has anything to do with your issue at this point. If you have one NIC, one private IP, one public IP, one domain, you're fine. You may, however, be interested in IMail's alternate submission port. Imail can listen on a secondary port, preferably TCP 587, to which your internal users can authenticate to send mail. Outside users can't use this port, because they don't have credentials. Using a non-well-known port means that users on consumer ISPs or in hotels, etc. that block outbound port 25 will still be able to connect. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
