Greetings,
I've been contacted
by an RBL accusing us of allowing open relaying to spammers.
Here's some basic
information about how we're currently using iMS: our version iMS 2.4.5;
relaying is turned off; RBL is enabled; we're hosting multiple domains; allowing
users to pop with the email client of their choice (I believe all so far have
been Outlook and Outlook Express); we also provide a web interface for email
accounts; SMTP has CRAM-MD5 and Login Authentication
enabled.
I suspect the
problem is that anyone who knows how to telnet and can guess
an account on our server is able to send an email through our server
without providing a password.
My question is how
can I force authentication. Is SMTPAuth.cfm the answer to my problem or should I
try implementing an "SMTP after POP" solution?
Also I've looked at
the SMTPAuth.cfm but can't see that it's been running, the logs are
not showing any debugging statements the file is
generating.
I've stumbled across
an old posting to the list that made me think that "SMTP after POP"
implementation would solve the problem, but I'm not too clear on how this
solution would be developed.
Rocky
|
This list server is Powered by iMS "The Swiss Army Knife of Mail Servers" To leave this list please complete the form at http://www.coolfusion.com/Support/ Need an iMS Developer license? Sign up for a free license here: http://www.coolfusion.com/Developers/ List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/ Note: You are subscribed as [EMAIL PROTECTED] |
