Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum

  

PreviousPrevious NextNext

RE: Blocking spoofed messages from internal SMTP users
~Yentl Cishipigenoni 13.Jan.04 05:11 AM a Web browser
Domino Server All Releases All Platforms


Hi Rupert

Thanks for your response - the problem is that I dont want users to be able to send smtp mail other than via NOTES or they must authenticate to send OUTGOING SMTP Mail - authentication only works on incoming SMTP mail.

One of the restrictions set in the configuration document specifies hosts must be on the internal domain the correect host name ie lets say I work for ACME with a domian name of ACME.com I can restrict who can send SMTP Mail to that specific domain name.
So I cant impersonate BillClinto@whitehouse.gov but I can do the following :-

FBloggs@ACME.com decides he is going to spoof his bosses email address ie BSmith@ACME he can by simpy setting his outlook account to point to the SMTP Server running the SMTP Listener facility and send an email to anyone under the name of BSmith@acme.com.

One solution is to rightly place the outgoing SMTP Server in the DMZ and inhibit the firewall to prevent users from directly accessing this server to relay SMTP mail.
Another way is to switch the listener off however for small companies (which we are not) probably have their incoming and outgoing mail on the one server.

There must be a way to ensure that Bill Smith@acme.com is actually the user sending the email - Domino only allows authenication of incoming SMTP from servers not outgoing SMTP from users.

I will investigate further the option you suggested "Only allow connections from connections with the following IP Addresses" using the IP addresses of all the Domino Servers that will route mail to the SMTP Server then hopefully preventing users from relaying mail directly to the SMTP Server.




SMTP Relaying (~Yentl Cishipig... 11.Jan.04)
. . . . RE: SMTP Relaying (~Yentl Cishipig... 12.Jan.04)
. . . . . . Blocking spoofed messages from inte... (~Anita Asafreez... 12.Jan.04)
. . . . . . . . RE: Blocking spoofed messages from ... (~Yentl Cishipig... 13.Jan.04)
. . . . . . . . . . RE: Blocking spoofed messages from ... (~Anita Asafreez... 16.Jan.04)

Document Options






  Document options
Print this pagePrint this page

Search this forum

Forum views and search


  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Category
Platform
Release
Advanced search

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS