Notes/Domino 6 and 7 Forum : Blocking spoofed messages from internal SMTP users

I'm not 100% clear whether you actually want to allow internal users to be able to send mail (via SMTP) from non-Notes clients.

If you only want to use Notes clients internally, then it seems your best point of control is to use the following field on the Server Configuration document:

"Allow connections only from the following SMTP internet hostnames/IP addresses"

If the only machine that should connect via SMTP is your DMZ SMTP host, then you can put that host's IP address or DNS name in there. If you want to allow relaying from other internal servers, add their names too.

In the Relay Controls section there is also "Allow messages only from the following internet hosts to be sent to external internet domains", which may help you.

You could get a similar effect by firewalling your "internal" SMTP server and restricting which internal hosts are allowed to connect on port 25 (you'd then have two levels of DMZ, which seems a little over-complex).

If, instead, you do need to allow internal clients to send via SMTP then you are limited to whatever authentication is offered by your network operating system and the minimal info available from the SMTP headers. In that case, you may want to use some internal SMTP server other than Domino that can make the link between a connecting client's IP and a logged-in network user. Then you can allow that server to relay through to your external server.

N.B. Even though the messages are outbound from your domain, you are concerned here mostly with SMTP inbound settings on your internal Domino server.

HTH,

Rupert Clayton
London

Notes/Domino 6 and 7 Forum

Document Options

Search this forum

Forum views and search

Member Tools

RSS Feeds