1- "Anyone" here means the person who has not real account on my mail server... 2- He connected to the internet using my ISP that means with IP address listed in my SMTP relay for addresses.
In that case, you can't safely use "Relay for Addresses."
When you use "Relay for Addresses", you are saying "Anyone from these IPs (or anyone with the password to an account on the server) may send outgoing E-mail through our mailserver". If the spammer comes from one of those IPs, he will be able to spam, per your instructions.
If a spammer may be using one of the IPs that your customers use, the best option is to force your customers to use SMTP AUTH.
3- He opened his Outlook express and configured a new account named "spammer" which is not on my mail server and configured his outgoing mail server as: Mail.MyDomain.Com and start sending from it to my local users....
There is *no* way to stop that. Even if IMail could authenticate the *return address* (which it does not; this was brought up last week), the spammer could just use some other return address and still spam your users.
There just isn't any easy way for a computer to detect that the person sending that mail was a spammer as opposed to someone sending you legitimate mail. It looks the same to IMail as if the spammer used an open relay as their outgoing mail server.
this is the case Scott in breif..... The account [EMAIL PROTECTED] does not exist on my mail server, however it's able to use my SMTP to send emails to the local users, while I prevented it from sending to outer users... How to prevent such case...
With spam control software. That's the *only* way to block mail going to your users. In this case, you could block the "[EMAIL PROTECTED]" return address in the IMail SMTP Kill List. Or you could buy anti-spam software.
why [EMAIL PROTECTED] can send to my local users... It's not a real account.... It cannot authenticated from my server.. then how it works and how it access my local users?????
Because IMail (like most, but not all, other mailservers) doesn't check what the return address is. Note that there are a *lot* of people who use IMail as their mailserver who send out mail with accounts that aren't on the IMail server (I knew of the CEO of a company who preferred to send mail with his @aol.com address rather than the company's domain name, for example).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches both viruses and vulnerabilities in E-mail, with no annual licensing fees.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
