Authenticated users and spoofing

Discussion forum for Enterprise Edition.
Post Reply
mattko1
Posts: 4
Joined: Wed Mar 30, 2016 9:54 am

Authenticated users and spoofing

Post by mattko1 »

Hi,

I wish to to *stop* authenticated users on my mail server from being able send email from @addresses which are not theirs.

Currently any authenticated users on my server can configure myname@domain.com in their outlook clients and send from me which isn't ideal.

I've checked the 'address spoofing protection' tab in SMTP settings and this is set to "Authenticated users can spoof sender address"

Ok so this makes sense that they can send from me.. BUT.. how can I turn it off? The other 2 options aren't what I want. I need to disable spoofing for all users, even authenticated users!

I've tried checking the "Authenticated senders must use the address from their postoffice" in the SMTP settings, but this just prevents me from sending any mail at all - despite the email address in my outlook client matching the mailbox. e.g. outlook: myname@mydomain.com > mailanble: /mydomain/mailboxes/myname - mapping appears fine.

I've tried several times with this setting enabled, and restarted SMTP service. I am definitely authenticating with the same details as the email address I'm trying to send from but SMTP just won't send.

I'm probably missing something. Does anyone know the correct config for this?

Cheers

Matt

eta
Posts: 4
Joined: Fri Apr 30, 2021 9:57 am

Re: Authenticated users and spoofing

Post by eta »

Ho, I have the same issue, have you solved it?

a.loffredo
Posts: 6
Joined: Thu Apr 18, 2019 8:04 am

Re: Authenticated users and spoofing

Post by a.loffredo »

Same problem here using Mail Enable Entrerpise edition 10.37
This is unacceptable

please provide a solution to stop this!

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Authenticated users and spoofing

Post by MailEnable-Ian »

Hi,

I have raised an issue for this so that the security option for "Authenticated senders must use the address from their post office" can be improved with the additional restriction to restrict at the mailbox level. I don't have a time frame though when it will be reviewed at this stage but the issue is logged.
Regards,

Ian Margarone
MailEnable Support

eta
Posts: 4
Joined: Fri Apr 30, 2021 9:57 am

Re: Authenticated users and spoofing

Post by eta »

In MailEnable Entrerpise edition 10.38 same behavior.
This is a critical issue for us. We are considering migrating to other open source solution.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Authenticated users and spoofing

Post by MailEnable-Ian »

HI,

The setting has been added in the 10.39 beta kits under the current option for "Authenticated senders must use the address from their post office".

https://www.mailenable.com/beta/
Regards,

Ian Margarone
MailEnable Support

eta
Posts: 4
Joined: Fri Apr 30, 2021 9:57 am

Re: Authenticated users and spoofing

Post by eta »

MailEnable-Ian wrote:
Fri Mar 11, 2022 12:28 am
HI,

The setting has been added in the 10.39 beta kits under the current option for "Authenticated senders must use the address from their post office".

https://www.mailenable.com/beta/
This is great news!!!

Post Reply