Hi all, my first post...
I'm not sure how to search for this in the knowledge base or community. This may already be answered, and if so, I apologize for the duplication; and would appreciate a link to the pertinent thread,
I've seen quite a few instances where an fake email address using one of our domain names is used to send mail inbound to the server from outside our organization to a valid email account on our server. The domain portion is correct, but the email root is not.
Example: We host the xyz.com domain and email@example.com sends an email to firstname.lastname@example.org from an outside server. There is no email@example.com email/user on our server. The fake@ email is delivered through port 25 unauthenticated (just like any other email).
It seems that by default SmarterMail 11 allows this. I run a few other mail servers and they all seem to disallow this out of the box, recognizing that the fake@ is not a valid user.
Is there a setting that governs this?
(Note that I considered the use of spf in our dns, but I'll have to make changes to the mail systems at some of our remote properties to make that work,)