Disabled domain still receives email
Idea shared by Joseph Robertson - March 24, 2015 at 12:33 PM
Under Consideration
I am in the process of switching a departments old email server to my Smartermail server.
Prior to performing the official switch (when I update their domains NS records) I went ahead and created their domain in Smartermail. However, I marked the domain as disabled.
My hope was that this would save me some time so, on the day of the switch, all I would have to do is change their DNS settings and it would start working.
 
Well, there was a problem.
Whenever a user from my domain sent an email to the department's domain, it got locally delivered, even though that domain was not active yet and was marked as disabled.
I checked my log files and it specifically says "Starting local delivery to...".
 
Obviously if Smartermail is hosting a domain it doesn't check DNS to verify and simply delivers locally, whether the domain is disabled or not.
 
I don't know if this is the intended behavior. If so, a disclaimer needs to be made on the 'Disable Domain' setting that locally delivered emails will still be delivered.
 
Joey Robertson
Director of IT
Archdiocese of Mobile

20 Replies

Reply to Thread
0
I think this is normal for an Email Server. I know that MS Exchange would bounce the email entirely when an internally hosted domain is disabled and another internally hosted domain sends email to it. You wouldn't expect internal domains to go through full DNS. It might be worth requesting a feature that allowed disabled domains to be archived in some way so that SM doesn't see it and therefore goes to external DNS.... Remembering that simply disabling a domain will not remove it from the local servers DNS. I might be wrong with the about, but it does make sense.
0
This has been talked about before...
 
I believe that disable domain should do what it says. If the domain is disabled then it should act like it doesn't exist on the server. Therefore external DNS lookup would happen and everything would be as expected.
6
It should have the same options as a user IMHO
 
Enabled
Disabled and allow mail
Disabled and disallow mail
0
Thanks for the replies.
I agree with Dan, the option to choose how you want to disable it would be wise.
Joey Robertson
Director of IT
Archdiocese of Mobile
2
Joseph, it was by design that a disabled domain could still receive mail.  For example, if a domain wasn't renewed in time but later renewed, the users wouldn't have lost email during the interim.  I can see the validity of implementing, as Dan suggested, two different options: disabled and allow mail, or disabled and disallow mail.
 
I will change this thread from Problem (since it's behaving as designed) to an Idea thread and mark it as Under Consideration for further discussion by the dev. team for possible inclusion in a future release.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Robert Emmett;
 
I believe your suggested solution of providing: 
 
"two different options: disabled and allow mail, or disabled and disallow mail."
is a valid compromise which will meet the requirements of still allowing mail to be received by those domain owners whose domain registrations have lapsed.  

The solution will also allow an e-mail vendor to lock out a customer, but still allow the customer's domain to receive e-mail, as an incentive to induce payment; and will allow complete lockout for non-payment or termination.
 
Thanks for weighing in on this issue and coming up with a great solution.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Yeah, well. A BIG warning message should be in place. How is someone to know (unless they know it) that disabling a domain is not the same as refusing email sent to it?  Kudos to Dan and Bruce, for the (totally reasonable) solution.  Let's see if it's implemented.
 
At least I know it now.
0
Many of SmarterMail's features are detailed in the Help Documentation found at help.smartertools.com. You can find this addressed in the "All Domains" document: "Disable Domain - Select this option to disable the domain. Disabled domains cannot send email and users cannot login to the Web interface. However, the domain will still receive email to prevent email loss. This option is a good way to temporarily shut off a domain without deleting it."

Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278

www.smartertools.com

0
I beg to differ. This doesn't really "temporarily shut off a domain" if the domain keeps receiving email.
 
Nonetheless, forewarned is forearmed.
 
 
0
If the capability is provided to completely shut off a domain in a future release, then it will so work, as was stated in the suggestion put forth by SmarterTool's Roger Emmett: 
 
two different options: disabled and allow mail, or disabled and disallow mail. 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
For anyone facing this situation, I upgraded to SM 14.1 and when creating or editing a domain there is now a dropdown labeled "Domain Location". The options for this new feature are:

Local
External (use MX record)
External (use host address)

I used "External (use host address)", added the IP Address of the current "live" email server, and now mail flows as needed until I can get the new domain completely setup.
 
Brilliant!
 
0
So, as i've just found out (and a few people by the looks of it). Disabled, doesn't mean disabled as you would think.

I need to be able to stop the emails coming in as i'm getting a "Your message couldn't be delivered because the recipient's email system reported the following error: '550 Authentication is required for relay'." error when sending from the new server to a person on another domain on the server thats had the domain disabled.

I think its quite misleading the "Disabled" word, you wouldn't think to look in the help files if you think its been completely disabled (which it hasn't).

Is there a fix for this other than removing the domain from the server?
0
Yes, it was posted above your question, Anthony:
 
When creating or editing a domain there is now a dropdown labeled "Domain Location".
 
The options for this new feature are:

 - Local
 - External (use MX record)
 - External (use host address)

If you use "External (use host address)", and add the IP Address of the current "live" email server, and the  e-mail will  route properly until you have the new domain completely setup.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Thanks Bruce, that works fine for outgoing emails from my server (the old mail server with the disabled domain) to the new server.
But when the person tries to reply to that message from the new server, they get a '550 Authentication is required for relay' error.

So sending to a domain on the same server as the disabled domain from the new server gives the above error.
0
We have this same problem, did you find a solution?
0
was this resolved?
0
Maybe you can rename the domain to something nobody would ever use anywhere, such as domain8755x.org.  You also probably need to rename the domain folder to match that of the new domain.
 
This will effectively make the original domain disappear. And as a possible plus, users can perhaps login at that domain name, if you've made the necessary changes, to check old email.
 
Shouldn't be too difficult to experiment first with a couple of email addresses at two new fake domains, to see if this all works.
 
And it would probably help to stop / re-start SM and IIS Windows services after making changes to the settings.
 
 
0
Robert Emmett Replied
Employee Post
Ara, what version of SmarterMail are you using?
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
We are on version 16.3.6698
0
Robert Emmett Replied
Employee Post
How are you sending mail to this domain?  With my test domain disabled and sending from both a client application and within the web interface, I have been unable to receive email to that domain.  In fact, in both cases the sending accounts received bounce messages.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread