1
SMTP authentication
Problem reported by Yusif Quliyev - January 22, 2016 at 4:29 AM
Submitted
Hello,
 
We had a problem with SMTP authentication. I have 2 email addresses, email1@example.com and email2@example.com. When I configure Outlook I can enter the email address email1@example.com but authenticate as email2@example.com. SmarterMail will accept email2 and send mail as email1. The receiver will see email1 and won't see anything about email2.
 
It's a big problem: everybody can change the email address field, authenticate with their own email and send mail as another account.

4 Replies

1
Bruce Barnes Replied
January 22, 2016 at 8:12 AM
The "short answer" is YES, because many ISPs now block when the SENT FROM e-mail address and REPLY TO e-mail address do not match.  The SENT FROM and REPLY TO e-mail addresses must match because they are now checked as part of ANTISPAM measures.
 
If the COMCAST Internet network sees headers in e-mail which contain different SENT FROM and REPLY TO e-mail addresses, they now completely block delivery of the message in the NETWORK - it never makes it to the receiving MX server.  No notice is given to either the sender or intended recipient - the message is simply sent to the circular bit bucket file.
 
SmarterMail also introduced this filtering capability in version 14.X. The setting is located under SETTINGS ===> PROTOCOL SETTINGS ===> SMTP IN, where REQUIRED AUTH MATCH can be set to:
 
REQUIRE AUTH MATCH Settings in SMTP IN
  • NONE - least restrictive
  • EMAIL ADDRESS - most restrictive, both addresses must EXACTLY match
  • DOMAIN - partially restrictive:  domain must match, but sender can be different, so long as sender is valid within the domain name.
 
We have seen a lot of mis-matched SENT FROM / REPLY TO header entries from forms which are generated by websites and shopping carts.   These require a lot of new coding on the part of the web designers to correct, but many of those same websites and shopping carts are still configured to NOT use SMTP authentication and like Comcast, YAHOO!, GMAIL, and OUTLOOK, we now check for SMTP AUTHENTICATION and BLOCK any messages which are not properly SMTP authenticated.
 
So, having digressed slightly, there are two things which we always enforce:
 
  • SENT FROM / REPLY TO e-mail address MATCH - EXACT MATCH, and
  • SMTP AUTHENTICATION
 
If someone's e-mail does not meet both of those tests, it is unceremoniously blocked.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
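
An added example, not part of the original thread and not SmarterMail's own code: the three REQUIRE AUTH MATCH modes listed in the reply above, applied to the email1/email2 scenario from the question. It assumes the authenticated login is compared against both the envelope MAIL FROM and the header From; all function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

def _norm(addr):
    """Strip display name / angle brackets and lower-case the address."""
    return parseaddr(addr or "")[1].strip().lower()

def _domain(addr):
    return addr.rpartition("@")[2]

def auth_match(mode, auth_user, candidate):
    """Apply one of the three modes from the reply to a single address."""
    auth_user, candidate = _norm(auth_user), _norm(candidate)
    if mode == "NONE":                      # least restrictive: no comparison
        return True
    if not auth_user or "@" not in candidate:
        return False                        # no login or unparsable sender
    if mode == "EMAIL ADDRESS":             # most restrictive: exact match
        return auth_user == candidate
    if mode == "DOMAIN":                    # same domain, local part may differ
        return _domain(auth_user) == _domain(candidate)
    raise ValueError(f"unknown mode: {mode}")

def check_submission(mode, auth_user, mail_from, raw_message):
    """Return a list of violations; an empty list means accept."""
    msg = message_from_string(raw_message)
    problems = []
    if not auth_match(mode, auth_user, mail_from):
        problems.append("envelope MAIL FROM does not match login")
    # Assumption: the header From is checked too, since that is the
    # address the recipient's mail client displays.
    if not auth_match(mode, auth_user, msg.get("From", "")):
        problems.append("header From does not match login")
    return problems

# Constructed sample: the login is email2, the message claims email1.
SAMPLE = (
    "From: Email One <email1@example.com>\n"
    "To: someone@example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for mode in ("NONE", "DOMAIN", "EMAIL ADDRESS"):
        print(mode, check_submission(mode, "email2@example.com",
                                     "email1@example.com", SAMPLE))
```

Only the EMAIL ADDRESS mode rejects the constructed message; NONE and DOMAIN both accept it because email1 and email2 share a domain.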
0
Yusif Quliyev Replied
January 22, 2016 at 1:36 PM
Thanks for the reply. I changed REQUIRED AUTH MATCH to email address. But again I can enter someone else's email address from my domain in Outlook, authenticate with my email address and send mail as him.
0
Bruce Barnes Replied
January 22, 2016 at 2:21 PM
You also need to set the SMTP AUTH settings ALLOW RELAY to NOBODY:
 
 
and check the boxes on the following:
 
  • ALLOW RELAY FOR AUTHENTICATED USERS
  • ENABLE DOMAIN'S SMTP AUTH SETTING FOR LOCAL DELIVERIES
 
 
Finally, in the DOMAIN's EDIT box, on the TECHNICAL TAB, make certain you have: REQUIRE SMTP AUTHENTICATION checked:
 
 
Forgetting any of those settings opens your MX server up to being used by spammers.
Bruce Barnes
0
Bruce Barnes Replied
January 22, 2016 at 3:28 PM
Open a ticket with SmarterTools or pay for tech support.
Bruce Barnes
