I have been reading this thread and have been working on a similar problem. We have 'No Relay' enabled and all users use AUTH to send mail out. The problem is some spammers (and email worms) are using the same 'to:' address as the 'from:' address without being authenticated. Looking in the logs and doing some testing, I have found that I can send a message from the 'postmaster@' to all local users (if I know their username) without authenticating. I understand that if the email is for a local user that IMail should try to deliver to that local user, but it should NOT allow someone to impersonate any local users (or alias). I think that if authentication is required for all outbound messages it should be required for ALL messages, despite any interpretation of the RFC. From what I have read there is nothing outside of a third party SMTP server that will stop this within IMail. Am I correct? If not, please tell me.
Maybe it could be a new function in the next version of IMail.

P.S. IMail version 7.14 hf 2.

Arthur Donchey, CISSP
V.P. Griffen & Assoc. http://www.vpga.com
Skyline Internet Inc. http://www.skylineinternet.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Monday, February 24, 2003 10:28 AM
To: [EMAIL PROTECTED]
Subject: Re: OSRELAY:Re: [IMail Forum] SMTP Problem (conclussion)!

>1- "Anyone" here means the person who has no real account on my mail
>server...
>2- He connected to the internet using my ISP, that means with an IP address
>listed in my SMTP relay for addresses.

In that case, you can't safely use "Relay for Addresses." When you use "Relay for Addresses", you are saying "Anyone from these IPs (or anyone with the password to an account on the server) may send outgoing E-mail through our mailserver". If the spammer comes from one of those IPs, he will be able to spam, per your instructions.

If a spammer may be using one of the IPs that your customers use, the best option is to force your customers to use SMTP AUTH.

>3- He opened his Outlook Express and configured a new account named
>"spammer" which is not on my mail server and configured his outgoing mail
>server as: Mail.MyDomain.Com
>and started sending from it to my local users....

There is *no* way to stop that. Even if IMail could authenticate the *return address* (which it does not; this was brought up last week), the spammer could just use some other return address and still spam your users.

There just isn't any easy way for a computer to detect that the person sending that mail was a spammer as opposed to someone sending you legitimate mail. It looks the same to IMail as if the spammer used an open relay as their outgoing mail server.

>this is the case Scott in brief.....
>The account [EMAIL PROTECTED] does not exist on my mail server, however
>it's able to use my SMTP to send emails to the local users, while I
>prevented it from sending to outer users...
>How to prevent such case...

With spam control software. That's the *only* way to block mail going to your users. In this case, you could block the "[EMAIL PROTECTED]" return address in the IMail SMTP Kill List. Or you could buy anti-spam software.

>why [EMAIL PROTECTED] can send to my local users...
>It's not a real account.... It cannot be authenticated from my server.. then
>how it works and how it access my local users?????

Because IMail (like most, but not all, other mailservers) doesn't check what the return address is. Note that there are a *lot* of people who use IMail as their mailserver who send out mail with accounts that aren't on the IMail server (I knew of the CEO of a company who preferred to send mail with his @aol.com address rather than the company's domain name, for example).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches both viruses and vulnerabilities in E-mail, with no annual licensing fees.
---

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
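
The sender policy debated in this thread, written out as an added example (not part of any message above and not IMail's code): an envelope-level check that requires SMTP AUTH whenever MAIL FROM claims a local domain. The domains, IP range, kill-list entry and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration (assumptions, not values from the thread).
LOCAL_DOMAINS = {"example.com"}
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # "Relay for Addresses" range
KILL_LIST = {"bulk@spam.test"}                       # blocked return addresses


def domain(addr):
    """Lower-cased domain part of an envelope address ('' for the null sender)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def decide(client_ip, authenticated, mail_from, rcpt_to, strict_local_sender=True):
    """Return (accept, reason) for one MAIL FROM / RCPT TO pair.

    strict_local_sender=False models a server that never checks the return
    address; True adds the rule requested in the thread: a sender address in
    a local domain is only accepted on an authenticated session.
    """
    ip = ipaddress.ip_address(client_ip)
    trusted_ip = any(ip in net for net in RELAY_NETS)

    if mail_from.lower() in KILL_LIST:
        return False, "sender on kill list"
    if strict_local_sender and domain(mail_from) in LOCAL_DOMAINS and not authenticated:
        # IP trust does not vouch for identity: only AUTH proves an account.
        return False, "local sender address requires SMTP AUTH"
    if domain(rcpt_to) in LOCAL_DOMAINS:
        return True, "local delivery"       # inbound mail needs no AUTH
    if authenticated or trusted_ip:
        return True, "relay permitted"
    return False, "relaying denied"


if __name__ == "__main__":
    cases = [  # constructed sessions: (ip, authenticated, MAIL FROM, RCPT TO)
        ("203.0.113.9", False, "postmaster@example.com", "alice@example.com"),
        ("203.0.113.9", False, "someone@other.test", "alice@example.com"),
        ("203.0.113.9", True, "ceo@aol.example", "bob@elsewhere.test"),
        ("192.0.2.5", False, "someone@other.test", "bob@elsewhere.test"),
    ]
    for case in cases:
        print(case, "->", decide(*case))
```

Setting `strict_local_sender=False` reproduces the behaviour described in the thread. Even in strict mode a message with a non-local return address still reaches local users, and the check covers only the envelope sender, not the `From:` header.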
