>I must be misunderstanding how Imail works or there is something strange
>about my setup here.

These may not be all the possibilities!!  vbg

>filters and this is happening. This tells me that anyone who knows a valid
>email address of someone on an Imail server they can use it to spam the
>world or I still have something that I am doing wrong.

Maybe this: If you have "relay for addresses" and you're futzing around 
with these name changes and then sending from a machine in the "relay for 
addresses" group, Imail will relay.  Imail "trusts" your ip address,  as it 
was told to do, and doesn't bother about the "MAIL FROM:".

This "false positive" for open-relay testing always occurs when I run 
DNSExpert on my machine against my Imail-hosted zones.

DNSExpert, running on my Imail-trusted wkstn, relays beautifully through 
Imail, spoofing "MAIL FROM:" and where the "RCPT TO:" also is not on my 
Imail server.

DNSexpert, based on what it sees, tells me meiway.com is an "open relay" 
because, from an Imail-trusted ip address, IT IS an open relay.

>What am I missing here?

The contents of my response??  That, again, may not be all the 
possibilities, but it's a start.  vbg

>Does this mean that anyone who knows a valid user on an Imail server can
>send email through it to the world?

Yes, of course, as long as they do it from your trusted ip addresses.

If one of your users is NOT communicating to Imail from one of your trusted 
ip addresses, then the valid user's SMTP client must use the SMTP AUTH 
protocol to send mail through Imail.  That's why everybody here is deeply 
concerned about SMTP AUTH not working.

Without SMTP AUTH active, we can't use "relay for addresses", and we have 
to open-relay for the "roaming" dial-up users, which means, the world. ouch

Roaming users could also be told to send mail through the mail server of 
the dial-up access provider that the roamer is connecting to.  That access 
provider trusts his own ip addresses.

Of course, ip addresses, as well as "MAIL FROM:" addresses ...

( that's why both SMTPSecurity:RelayForLocalUsers and 
SMTPSecurity:RelayForLocaldomains are as substantial spam-defenses as the 
pixels on their radio buttons. Using either of these will get you snagged 
into Mail-Abuse.org as an Open-Relay, for sure.)

... can be spoofed, so you must set up the packet filtering on your border 
router such that all incoming packets coming from the "outside" interfaces 
that say, spoofingly, that they are coming from your "inside" addresses are 
dropped silently and, I suggest, logged.

Len

Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.
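
The relay decisions discussed in the message above, modelled as an added example (not part of the original message and not Imail's code). The mode names, addresses, domains and sessions are constructed for illustration, and SMTP AUTH is assumed to be honoured in every mode.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCAL_DOMAINS = {"example.com"}               # constructed
LOCAL_USERS = {"alice@example.com"}           # constructed
TRUSTED_NETS = [ip_network("192.0.2.0/24")]   # constructed "relay for addresses" list

@dataclass
class Session:
    client_ip: str
    mail_from: str               # supplied by the client, never verified
    rcpt_to: str
    authenticated: bool = False  # True only after a successful SMTP AUTH

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def relay_decision(s, mode):
    """Return (accepted, reason) for one RCPT TO under a hypothetical relay mode."""
    if domain(s.rcpt_to) in LOCAL_DOMAINS:
        return True, "local delivery"         # not a relay at all
    if s.authenticated:
        return True, "smtp auth"
    if mode == "addresses":                   # trusts the connecting IP only
        if any(ip_address(s.client_ip) in n for n in TRUSTED_NETS):
            return True, "trusted ip"
    elif mode == "local_users":               # trusts the MAIL FROM string
        if s.mail_from.lower() in LOCAL_USERS:
            return True, "mail from is a local user"
    elif mode == "local_domains":             # trusts the MAIL FROM domain
        if domain(s.mail_from) in LOCAL_DOMAINS:
            return True, "mail from is a local domain"
    return False, "relay denied"

# Constructed sessions: a relay tester on a trusted workstation, an outside
# host claiming a local sender, and a roaming user who authenticates.
SESSIONS = {
    "trusted_wkstn": Session("192.0.2.10", "nobody@elsewhere.test", "x@remote.test"),
    "outsider_spoofing": Session("203.0.113.5", "alice@example.com", "x@remote.test"),
    "roamer_with_auth": Session("203.0.113.9", "alice@example.com", "x@remote.test", True),
}

def audit(mode):
    return {name: relay_decision(s, mode) for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for mode in ("addresses", "local_users", "local_domains"):
        print(mode, audit(mode))
```

Only the "addresses" mode refuses the outside host with the forged sender, and its result is only as good as the border router's anti-spoofing filter for the trusted range.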
