External users sending mail without authenticating
Question asked by Jerry Waggoner - 9/30/2016 at 2:12 PM
I'm having a hard time determining if this is expected behavior or if we have something misconfigured in SM.  For SMTP in we have Allow Relay set to Nobody and Enabled domain's SMTP auth enabled.  If I telnet directly to the alternate SMTP port of our server I get the standard greeting:
250-[servername] Hello [ip]
250-SIZE 52428800
250 OK
If I do a MAIL FROM command and specify a domain that is hosted by SM I get:
550 Authentication is required for relay
But if I specify any other random, made up email address I am allowed to go on to specify the RCPT, DATA, etc. and SM will accept the message.  Checking the logs the majority of them seem to get trapped by the spam checks and deleted, but I am wondering why it accepted the message in the first place?  Shouldn't SM reject any message from any unauthenticated user?  Seems strange that it would accept it and jump through all the hoops of spam checks when it shouldn't have to so I'm inclined to think I'm missing something somewhere.  Thanks.

2 Replies

Jerry Waggoner Replied
Update to this: I had to disable the 'Enable domain's SMTP auth setting for local deliveries' setting for now.  We started getting reports of bounced messages.  Basically anyone trying to send to their own domain using an SMTP other than ours was getting the Authentication is required for relay error.  One user was configured to send out through their provider's SMTP - nothing wrong with that(?) - but that message was also bounced.  That seems like a legitimate setup sending a legitimate message but as soon as SM saw the message coming from a local domain it insists on being authenticated.  I get that's what the setting is supposed to do, so I must be missing something as to how it would be usefully implemented.  Is it a realistic expectation that if your domain is hosted on SM you HAVE to use it as your SMTP server if you hope to send to your own domain?
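A simplified model of the accept/reject decision described in the two posts above, as an added example that is not part of the original thread and is not SmarterMail's code. The domain names, the function and field names, and the reason strings other than the 550 text quoted in the question are assumptions.

```python
from dataclasses import dataclass

# Constructed sample domain: the thread does not name the hosted domains.
LOCAL_DOMAINS = {"hosted.example"}

@dataclass
class Policy:
    # "Allow Relay" set to Nobody: unauthenticated relay is never allowed.
    relay_for_unauthenticated: bool = False
    # "Enable domain's SMTP auth setting for local deliveries"
    auth_for_local_senders: bool = True

def is_local(address: str) -> bool:
    """True when the address belongs to a domain hosted on this server."""
    return address.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def decide(policy: Policy, mail_from: str, rcpt_to: str, authenticated: bool = False):
    """Return (SMTP code, reason) for one sender/recipient pair.

    A real server answers MAIL FROM and RCPT TO separately; both checks are
    folded into one call here to keep the model short.
    """
    if authenticated:
        return 250, "authenticated submission"
    if is_local(mail_from) and policy.auth_for_local_senders:
        # The reply quoted in the question, sent at MAIL FROM.
        return 550, "Authentication is required for relay"
    if not is_local(rcpt_to):
        # Recipient is not hosted here, so accepting would be relaying.
        if policy.relay_for_unauthenticated:
            return 250, "relay permitted (constructed wording)"
        return 550, "relay denied (constructed wording)"
    # Ordinary inbound mail for a hosted mailbox: accepted, then spam-checked.
    return 250, "inbound delivery, spam checks follow"

def scenarios():
    """Map each case from the thread to the SMTP code the model returns."""
    on, off = Policy(), Policy(auth_for_local_senders=False)
    return {
        "made-up external sender to hosted user": decide(on, "x@other.example", "u@hosted.example")[0],
        "hosted sender, no auth, setting on": decide(on, "u@hosted.example", "v@hosted.example")[0],
        "hosted sender via provider SMTP, setting off": decide(off, "u@hosted.example", "v@hosted.example")[0],
        "external sender to external recipient": decide(on, "x@other.example", "y@third.example")[0],
    }

if __name__ == "__main__":
    for case, code in scenarios().items():
        print(f"{code}  {case}")
```
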
Bruce Barnes Replied
This can also be caused by improperly set up ports (in SmarterMail); not having the FQDN of the PRIMARY SmarterMail server mapped to a PUBLIC IP ADDRESS; not having a proper IP address to Domain name match in SmarterMail - especially easy to overlook if you've recently changed hosting providers, or been given a new block of IP addresses; not having a valid rDNS or SPF record. You should either open a ticket with SmarterMail, or contract the support of someone who can properly vet, resolve, and explain why this is a problem for your SmarterMail installation. An analysis of your SmarterMail server configuration is in order to vet this problem.
Bruce Barnes
ChicagoNetTech Inc

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
