Best Settings For Mail Server Security for relay prevention

Discussion forum for Enterprise Edition.
Post Reply
tmorg
Posts: 64
Joined: Tue Aug 12, 2008 7:43 pm
Location: USA

Best Settings For Mail Server Security for relay prevention

Post by tmorg » Mon May 18, 2009 2:36 am

I want to prevent mail relaying for all domains and want to set only allow senders using authentication. However, I have one domain that also has 2 other domains connected to it. For example domain.com, domain.net and domain.org with users have addresses for each. Users should be authenticated through domain.com but what I'm find it that The server is sending the following error whicj is from the second domain:
<"user@domain.com"@mail.domain.net>: host
mail.domain.net[xxx.xxx.xxx.xxx] said: 551 This mail server
requires authentication before sending mail from a locally hosted domain.
Please reconfigure your mail client to authenticate before sending mail.
(in reply to MAIL FROM command)

All mail accounts are configured to to authenticate but for the primary domain.
Any help is greatly appreciated.....
Last edited by tmorg on Tue May 19, 2009 4:39 am, edited 1 time in total.

MailEnable-Ian
Site Admin
Posts: 9145
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Post by MailEnable-Ian » Mon May 18, 2009 2:44 am

Hi,

You have the security setting "prevent sender address spoofing" enabled within the SMTP security settings. Enabling the option will enforce inbound authenitcation for any local account (address) that tries to send to another local account. Disable the option to see if this fixes the problem. You will find it under: Servers:localhost>connectors>SMTP properties
Regards,

Ian Margarone
MailEnable Support

tmorg
Posts: 64
Joined: Tue Aug 12, 2008 7:43 pm
Location: USA

Post by tmorg » Tue May 19, 2009 4:37 am

Will try that and see what happens. Does anyone have a 'Best Settings" for Security to prevent spammers from using your mail account other than the general relay stopping?

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben » Thu May 21, 2009 3:58 am

It could be DNS related if you configured the domain in the setting Ian previously mentioned and it does not resolve to your server.

Make sure that the domain is a valid domain and the IP for the domain resolves back to your mail server.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

tmorg
Posts: 64
Joined: Tue Aug 12, 2008 7:43 pm
Location: USA

Post by tmorg » Wed May 27, 2009 5:35 pm

When I set that setting nobody from outside can email us at all.....

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben » Wed May 27, 2009 11:42 pm

Sorry you are going to have to supply more information about this. The setting will force all inbound messages where your FROM address is from a domain on the server to authenticate.

This feature would not stop all inbound traffic to the server and would only affect messages where the sender originates from your server.

What are the errors in the client and in the logs when this feature is enabled? Also have you got your clients configured to authenticate when the feature is enabled?
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben » Thu May 28, 2009 7:14 am

Also make sure that the client is authenticating with their mailbox name and password (default) not any secondary domain names as this cannot be done. The SMTP auth will only work with the mailbox name and the password ie username@postoffice name and password.

If your error has one of the alternate domains as a username then this will not work. And as such this client needs to be set up to authenticate with the correct mail box name and password.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

Post Reply