Never thought of that. Thank you Todd !! Thank you Rod !! (previous post) B.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Todd Holt Sent: Wednesday, November 14, 2001 8:57 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] SMTP Relay. What can we do better. You can do exactly what your asking for, but you need to set it up a little differently: - Set your relay options to: Relay for Addresses - Press the Addresses button and enter your internal systems (you only need to include to servers that cannot do SMTP AUTH and which need to send SMTP) - Set all clients to use SMTP AUTH REMEMBER: The only safe relays options are "no relay" and "relay for addresses". Using "relay for users" allows user spoofing and will get you on the RBLs very quickly (as you have experienced). Todd -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bubba Smith Sent: Wednesday, November 14, 2001 10:46 AM To: [EMAIL PROTECTED] Subject: [IMail Forum] SMTP Relay. What can we do better. If anybody has any suggestions on how to handle this I would be very appreciated. We are using Imail 7.x and have around 100 domains. We are a small ISP providing web hosting and email services for small to medium size businesses. Last week, a person was able to relay 300,000 emails through our Imail server. Our current relay is setup for USERS only. The person was able to relay mail through our system by changing his computer name to a domain name in IMail, and creating an email account on his computer the same as an email account in one of our Imail domains. Since IMail was setup for RELAY FOR USERS ONLY, everything worked correctly. Even if we had setup IMail relay for HOSTS ONLY, the same thing would have occurred. We tried the NO RELAY option, but unfortunately, since the accept.txt file does not work for NO RELAY, none of our emails from WhatsUP Gold could be sent, and some of our third party applications like FrontPage etc... cannot use SMTP Authentication. It would be nice if the ACCEPT.TXT file would worked for NO RELAY but it doesn't. Accept.txt only works for HOSTS and USERS only. If accept.txt did work for NO RELAY, we could put the IP addresses of our internal systems in this file, and all users would then be required to use SMTP Authentication. Problem Solved. I'm a little upset about this because it was pretty simple for this person to do this and if any person reading this email uses NO RELAY for HOSTS or USERS, you are also susceptible to this relaying as well. So what does one do ? Please help !!! Sincerely, B. Williams. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
