"SMTP" And "RCPT TO:"

Notes/Domino 8 Forum

Subject: "SMTP" And "RCPT TO:"

Feedback Type: Problem

Product Area: Domino Server

Technical Area: Security

Platform: Windows 2003 server

Release: 8.0.1

Reproducible: Always

I have been busy the last couple of days to find some functionality in domino regarding to SMTP.
But after a real long search journey I couldn't find the answer. So I try it here on the forum now.

When you create a person or group in the NAB. It also uses SOUNDEX on the last name of a user or the SOUNDEX of the groupname.

When a spammer uses a dictionary attack to your domain its quite easy to find the soundex values of users in your notes domain.

So for example you have a user named "Test User 1/Domain". The soundex value for this user will be U260. When a spammer creates a mail at your SMTP server with the following commands

EHLO TEST
MAIL FROM: testuser@testdomain.com
RCPT TO: u260
DATA
TEST
.

This message will be accepted by domino.

On first - It's strange that Domino accepts this mail where no internet domain name is available. Is it possible to configure domino that it will only accept mail for domain names what you have configured for instance in the Global Domain Document.

On Second - Even if you have configured that "Address lookup = Fullname only" Domino accepts and routes this mail because domino finds an exact match in the $User view. Is it possible to configure notes so that it will only look in the field "Internet Address" for persons and Groups.

I hope everybody understands what I mean. If not please let me know so I can clarify it more precisly.

PS and yes on of the parts of my journey was the website of Chris Linfoot --> http://chris-linfoot.net/ and couldn't really find my answer overthere.

Feedback number WEBB7DAFY6 created by ~Lorraine Elfreeplopnivu on 04/01/2008