SMTP authentication
Problem reported by Emil Babayev - 1/22/2016 at 4:29 AM
Hello,
 
We had a problem with SMTP authentication. I have 2 email addresses, email1@example.com and email2@example.com. When I configure Outlook I can write the email address email1@example.com but authenticate as email2@example.com. SmarterMail will accept email2 and send mails as email1. The receiver will see email1 and won't see anything about email2.
 
It's a big problem: everybody can change the email address field, authenticate with their own email and send mail as another account.

6 Replies

Bruce Barnes Replied
The "short answer" is YES, because many ISPs now block when the SENT FROM e-mail address and REPLY TO e-mail address do not match.  The SENT FROM and REPLY TO e-mail addresses must match because they are now checked as part of ANTISPAM measures.
 
If the COMCAST Internet network sees headers in e-mail which contain different SENT FROM and REPLY TO e-mail addresses, they now completely block delivery of the message in the NETWORK - it never makes it to the receiving MX server.  No notice is given to either the sender or intended recipient - the message is simply sent to the circular bit bucket file.
 
SmarterMail also introduced this filtering capability in version 14.X. The setting is located under SETTINGS ===> PROTOCOL SETTINGS ===> SMTP IN, where REQUIRED AUTH MATCH can be set to:
 
REQUIRE AUTH MATCH Settings in SMTP IN
  • NONE - least restrictive
  • EMAIL ADDRESS - most restrictive, both addresses must EXACTLY match
  • DOMAIN - partially restrictive:  domain must match, but sender can be different, so long as sender is valid within the domain name.
 
We have seen a lot of mis-matched SENT FROM / REPLY TO header entries from forms which are generated by websites and shopping carts.   These require a lot of new coding on the part of the web designers to correct, but many of those same websites and shopping carts are still configured to NOT use SMTP authentication and like Comcast, YAHOO!, GMAIL, and OUTLOOK, we now check for SMTP AUTHENTICATION and BLOCK any messages which are not properly SMTP authenticated.
 
So, having digressed slightly, there are two things which we always enforce:
 
SENT FROM / REPLY TO e-mail address MATCH - EXACT MATCH, and
SMTP AUTHENTICATION
 
If someone's e-mail does not meet both of those tests, it is unceremoniously blocked.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
Emil Babayev Replied
Thanks for the reply. I changed REQUIRED AUTH MATCH to email address. But I can still write someone else's email address from my domain in Outlook, authenticate with my email address and send mails as him.
Bruce Barnes Replied
You also need to set the SMTP AUTH settings ALLOW RELAY to NOBODY:
 
 
and check the boxes on the following:
 
ALLOW RELAY FOR AUTHENTICATED USERS
ENABLE DOMAIN'S SMTP AUTH SETTING FOR LOCAL DELIVERIES
 
 
Finally, in the DOMAIN's EDIT box, on the TECHNICAL TAB, make certain you have: REQUIRE SMTP AUTHENTICATION checked:
 
 
Forgetting any of those settings opens your MX server up to being used by spammers.
Emil Babayev Replied
All of this is already done. But the problem still exists.
Emil Babayev Replied
I have the domain domain.com in SmarterMail. I also have 2 emails, one@domain.com and two@domain.com.
When I configure an account in Microsoft Outlook there are two fields: one for just the email address, and a second for authentication, where I wrote the email address and password.
If the first address and the second address are different but both exist in domain.com, SmarterMail allows sending mails. If in the first I wrote one@domain.com but in the second two@domain.com, I'll be able to send email as "one", but authenticate as "two".
The problem is that everybody can change the first field to someone else's address and send emails as him.
Bruce Barnes Replied
Open a ticket with SmarterTools or pay for tech support.
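The three REQUIRE AUTH MATCH modes listed in the thread (NONE, EMAIL ADDRESS, DOMAIN), applied to the one@domain.com / two@domain.com case it describes. This is an added example, not part of the thread and not SmarterMail's code: the function names, the sample message, and the choice to test both the envelope MAIL FROM and the From: header against the authenticated login are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def _norm(addr):
    """Return (lower-cased address, domain); domain is '' if there is no '@'."""
    addr = parseaddr(addr)[1].strip().lower()
    return addr, (addr.rpartition("@")[2] if "@" in addr else "")

def auth_match(mode, auth_user, claimed):
    """Apply one match mode to a single claimed sender address."""
    a_addr, a_dom = _norm(auth_user)
    c_addr, c_dom = _norm(claimed)
    if mode == "NONE":
        return True
    if mode == "DOMAIN":          # same domain, any mailbox
        return bool(a_dom) and a_dom == c_dom
    if mode == "EMAIL ADDRESS":   # exact mailbox match
        return bool(a_addr) and a_addr == c_addr
    raise ValueError(f"unknown mode: {mode}")

def check_submission(mode, auth_user, mail_from, raw_message):
    """Return the sender fields that violate the policy (empty list = accept)."""
    if mode == "NONE":
        return []
    failures = []
    if not auth_match(mode, auth_user, mail_from):
        failures.append("MAIL FROM")
    # From: may list several mailboxes; every one of them has to pass,
    # and a message with no From: at all is treated as a failure.
    msg = message_from_string(raw_message)
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", []))]
    if not from_addrs or not all(auth_match(mode, auth_user, a) for a in from_addrs):
        failures.append("From header")
    return failures

# Constructed sample: login and envelope are "two", the visible From: is "one".
SAMPLE = (
    "From: One <one@domain.com>\n"
    "To: someone@example.com\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for mode in ("NONE", "DOMAIN", "EMAIL ADDRESS"):
        print(mode, check_submission(mode, "two@domain.com", "<two@domain.com>", SAMPLE))
```

In this sketch only the EMAIL ADDRESS mode rejects the sample, and it does so on the From: header, since the envelope sender already equals the login.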