Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum


PreviousPrevious NextNext

~Yentl Cishipigenoni 11.Jan.04 04:45 AM a Web browser
Domino Server All Releases All Platforms

I work in a multi server domain where an SMTP server resides in the DMZ and a server on the internal network routes using smtp to the external server.

If I open a mail client such as Outlook and set the outgoing smtp server to be the IP address address of the internal smtp server then the server can be used to relays emails without any auithentication.

So currently I can send a mail to anyone externally and internally from an email address of say etc etc. To stop this I simply make minor changes to the configuration of the server document that restricts outgoing mail from only addresses with the internal domain name.

However what can I implement to stop a user on the internal network pretending to be someone else and then sending mail either internally or externally. ie if there is a user in the name & address book say Fred Bloggs using fbloggs@acme what stops me from sending an email to someone using his account as the sender using outlook

I was under the impression that I could implement SMTP authentication but this only applies to SMTP inbound - the SMTP outbound doesnt allow me to set authentication ANONYMOUS to NO

Any ideas anyone and before anyone suggest to read the manual I have - all previous entries covers spam from external sources not from a user on the internal network - the issue is Non Authentication - if a user authenticates and then sends an email using dodgy account details such as Fred Bloggs (who has an entry in the NAB but is not the actual person sending the email) then we can track it - the problem is simply someone internally pretending to be someone else.

Wow I hope that makes sense to you all.

SMTP Relaying (~Yentl Cishipig... 11.Jan.04)
. . . . RE: SMTP Relaying (~Yentl Cishipig... 12.Jan.04)
. . . . . . Blocking spoofed messages from inte... (~Anita Asafreez... 12.Jan.04)
. . . . . . . . RE: Blocking spoofed messages from ... (~Yentl Cishipig... 13.Jan.04)
. . . . . . . . . . RE: Blocking spoofed messages from ... (~Anita Asafreez... 16.Jan.04)

  Document options
Print this pagePrint this page

 Search this forum

  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Advanced search

 RSS feedsRSS
All forum posts RSS
All main topics RSS