If anybody has any suggestions on how to handle this I would be very appreciated. We are using Imail 7.x and have around 100 domains. We are a small ISP providing web hosting and email services for small to medium size businesses.
Last week, a person was able to relay 300,000 emails through our Imail server. Our current relay is setup for USERS only. The person was able to relay mail through our system by changing his computer name to a domain name in IMail, and creating an email account on his computer the same as an email account in one of our Imail domains. Since IMail was setup for RELAY FOR USERS ONLY, everything worked correctly. Even if we had setup IMail relay for HOSTS ONLY, the same thing would have occurred. We tried the NO RELAY option, but unfortunately, since the accept.txt file does not work for NO RELAY, none of our emails from WhatsUP Gold could be sent, and some of our third party applications like FrontPage etc... cannot use SMTP Authentication. It would be nice if the ACCEPT.TXT file would worked for NO RELAY but it doesn't. Accept.txt only works for HOSTS and USERS only. If accept.txt did work for NO RELAY, we could put the IP addresses of our internal systems in this file, and all users would then be required to use SMTP Authentication. Problem Solved. I'm a little upset about this because it was pretty simple for this person to do this and if any person reading this email uses NO RELAY for HOSTS or USERS, you are also susceptible to this relaying as well. So what does one do ? Please help !!! Sincerely, B. Williams. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
