Still able to send emails unauthenticated even when Require SMTP Authentication is enable in SmarterMail 13
Problem reported by Miguel Moura - October 11, 2015 at 11:53 AM
Submitted
Hello,
 
I have SmarterMail in13 installed and I have set Require SMTP Authentication for all domains using the propagation tool:
 
However, when I was able to send an email using Outlook without SMTP authentication ...
 
Any idea why this happens? This seems a bug no?
 
Thank You,
Miguel

4 Replies

Reply to Thread
0
There are many reasons this can happen:
 
 - the domain is allowed to override SMTP authentication
 - the IP ADDRESS of the domain is set for SMTP authentication bypass
 - an external server is accepting e-mail for your server and forwarding to the domain, without being required to authenticate or is listed in SMTP authentication bypass.
 
If they are not already set to detailed, set your SMTP LOGS to DETAILED and then check to see what is shown for anyone sending to the domain.
 
If the issue happens with a specific sender, then search for that sender.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Miguel,
 
Are you sending to another user on the same domain? SmarterMail allows this even with SMTP Auth enabled. You have to take further steps to lock it down.
 
IMO, this checkbox should require SMTP Auth for intra-domain messaging as well. It would prevent someone from spoofing admin@mydomain.com and sending a fraudulent message to all employees...
 
Kevin
0
When properly setup, everyone must SMTP authenticate. This is an issue with your configuration(s), as no one else is complaining about unauthorized senders, and this would be a MUCH larger issue if it were a "bug."
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Without actually viewing your configuration, no one can tell whether you are properly configured or now.
 
You will have to open a support ticket with SmarterTools to resolve this.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread