Hi,
I wish to to *stop* authenticated users on my mail server from being able send email from @addresses which are not theirs.
Currently any authenticated users on my server can configure myname@domain.com in their outlook clients and send from me which isn't ideal.
I've checked the 'address spoofing protection' tab in SMTP settings and this is set to "Authenticated users can spoof sender address"
Ok so this makes sense that they can send from me.. BUT.. how can I turn it off? The other 2 options aren't what I want. I need to disable spoofing for all users, even authenticated users!
I've tried checking the "Authenticated senders must use the address from their postoffice" in the SMTP settings, but this just prevents me from sending any mail at all - despite the email address in my outlook client matching the mailbox. e.g. outlook: myname@mydomain.com > mailanble: /mydomain/mailboxes/myname - mapping appears fine.
I've tried several times with this setting enabled, and restarted SMTP service. I am definitely authenticating with the same details as the email address I'm trying to send from but SMTP just won't send.
I'm probably missing something. Does anyone know the correct config for this?
Cheers
Matt
Authenticated users and spoofing
Re: Authenticated users and spoofing
Ho, I have the same issue, have you solved it?
-
- Posts: 6
- Joined: Thu Apr 18, 2019 8:04 am
Re: Authenticated users and spoofing
Same problem here using Mail Enable Entrerpise edition 10.37
This is unacceptable
please provide a solution to stop this!
This is unacceptable
please provide a solution to stop this!
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Authenticated users and spoofing
Hi,
I have raised an issue for this so that the security option for "Authenticated senders must use the address from their post office" can be improved with the additional restriction to restrict at the mailbox level. I don't have a time frame though when it will be reviewed at this stage but the issue is logged.
I have raised an issue for this so that the security option for "Authenticated senders must use the address from their post office" can be improved with the additional restriction to restrict at the mailbox level. I don't have a time frame though when it will be reviewed at this stage but the issue is logged.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Authenticated users and spoofing
In MailEnable Entrerpise edition 10.38 same behavior.
This is a critical issue for us. We are considering migrating to other open source solution.
This is a critical issue for us. We are considering migrating to other open source solution.
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Authenticated users and spoofing
HI,
The setting has been added in the 10.39 beta kits under the current option for "Authenticated senders must use the address from their post office".
https://www.mailenable.com/beta/
The setting has been added in the 10.39 beta kits under the current option for "Authenticated senders must use the address from their post office".
https://www.mailenable.com/beta/
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Authenticated users and spoofing
This is great news!!!MailEnable-Ian wrote: ↑Fri Mar 11, 2022 12:28 amHI,
The setting has been added in the 10.39 beta kits under the current option for "Authenticated senders must use the address from their post office".
https://www.mailenable.com/beta/