@Douglas Foster
The "Allow relay" option is already set to "Nobody", and the SMTP whitelist does not include the source IP address.
@Sérgio Rocha
You can find below the SMTP log:
Scenario 1:The user user@domain.com is sending an email as cee@domain.com, both belonging to the same domain.
[2025.05.21] 09:25:44.158 [192.168.1.20][51874191] rsp: 220 smartermailserver.domaine.com
[2025.05.21] 09:25:44.158 [192.168.1.20][51874191] connected at 5/21/2025 9:25:44 AM
[2025.05.21] 09:25:44.160 [192.168.1.20][51874191] Country code: Unknown
[2025.05.21] 09:25:44.160 [192.168.1.20][51874191] IP in whitelist
[2025.05.21] 09:25:44.172 [192.168.1.20][51874191] cmd: EHLO oranucnoc03
[2025.05.21] 09:25:44.173 [192.168.1.20][51874191] rsp: 250-smartermailserver.domaine.com Hello [192.168.1.20]250-SIZE 699050666250-AUTH PLAIN LOGIN CRAM-MD5250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2025.05.21] 09:25:44.177 [192.168.1.20][51874191] cmd: AUTH LOGIN
[2025.05.21] 09:25:44.177 [192.168.1.20][51874191] rsp: 334 VXNlcm5hbWU6
[2025.05.21] 09:25:44.179 [192.168.1.20][51874191] Authenticating as user@domain.com
[2025.05.21] 09:25:44.179 [192.168.1.20][51874191] rsp: 334 UGFzc3dvcmQ6
[2025.05.21] 09:25:44.181 [192.168.1.20][51874191] rsp: 235 Authentication successful
[2025.05.21] 09:25:44.181 [192.168.1.20][51874191] Authenticated as user@domain.com
[2025.05.21] 09:25:44.194 [192.168.1.20][51874191] cmd: MAIL FROM: <user@domain.com>
[2025.05.21] 09:25:44.195 [192.168.1.20][51874191] senderEmail(1): user@domain.com
[2025.05.21] 09:25:44.195 [192.168.1.20][51874191] rsp: 250 OK <user@domain.com> Sender ok
[2025.05.21] 09:25:44.195 [192.168.1.20][51874191] Sender accepted. Weight: 0.
[2025.05.21] 09:25:44.197 [192.168.1.20][51874191] cmd: RCPT TO: <user@domain.com>
[2025.05.21] 09:25:44.197 [192.168.1.20][51874191] rsp: 250 OK <contact@gmail.com> Recipient ok
[2025.05.21] 09:25:44.200 [192.168.1.20][51874191] cmd: DATA
[2025.05.21] 09:25:44.200 [192.168.1.20][51874191] Performing PTR host name lookup for 192.168.1.20
[2025.05.21] 09:25:44.201 [192.168.1.20][51874191] PTR host name for 192.168.1.20 resolved as UnknownHost
[2025.05.21] 09:25:44.203 [192.168.1.20][51874191] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2025.05.21] 09:25:44.210 [192.168.1.20][51874191] senderEmail(2): ceo@domain.com parsed using: <ceo@domain.com>
[2025.05.21] 09:25:44.229 [192.168.1.20][51874191] DMARC Results: Skipped (Authenticated), Reason: Unknown, Reject? False
[2025.05.21] 09:25:44.229 [192.168.1.20][51874191] rsp: 250 OK
[2025.05.21] 09:25:44.231 [192.168.1.20][51874191] Received message size: 2494 bytes
[2025.05.21] 09:25:44.232 [192.168.1.20][51874191] Successfully wrote to the HDR file. (E:/SmarterMail/Spool/SubSpool9/352657771.hdr)
[2025.05.21] 09:25:44.232 [192.168.1.20][51874191] Data transfer succeeded, writing mail to 352657771.eml (MessageID: <000001dbca29$f2208910$d6619b30$@domain.com>)
[2025.05.21] 09:25:46.734 [192.168.1.20][51874191] cmd: QUIT
[2025.05.21] 09:25:46.734 [192.168.1.20][51874191] rsp: 221 OK
[2025.05.21] 09:25:46.734 [192.168.1.20][51874191] disconnected at 5/21/2025 9:25:46 AM
[2025.05.21] 09:26:07.051 [192.168.1.21][39043901] rsp: 220 smartermailserver.domaine.com
Scenario 2:The user user@domain1.com is sending an email as ceo@domain2.com, where both domains are hosted on the same SmarterMail server.
[2025.05.21] 10:44:19.780 [192.168.1.20][61510617] rsp: 220 smartermailserver.domaine.com
[2025.05.21] 10:44:19.780 [192.168.1.20][61510617] connected at 5/21/2025 10:44:19 AM
[2025.05.21] 10:44:19.781 [192.168.1.20][61510617] Country code: Unknown
[2025.05.21] 10:44:19.781 [192.168.1.20][61510617] IP in whitelist
[2025.05.21] 10:44:19.790 [192.168.1.20][61510617] cmd: EHLO oranucnoc03
[2025.05.21] 10:44:19.791 [192.168.1.20][61510617] rsp: 250-smartermailserver.domaine.com Hello [192.168.1.20]250-SIZE 699050666250-AUTH PLAIN LOGIN CRAM-MD5250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2025.05.21] 10:44:19.794 [192.168.1.20][61510617] cmd: AUTH LOGIN
[2025.05.21] 10:44:19.794 [192.168.1.20][61510617] rsp: 334 VXNlcm5hbWU6
[2025.05.21] 10:44:19.796 [192.168.1.20][61510617] Authenticating as user@domain1.com
[2025.05.21] 10:44:19.796 [192.168.1.20][61510617] rsp: 334 UGFzc3dvcmQ6
[2025.05.21] 10:44:19.798 [192.168.1.20][61510617] rsp: 235 Authentication successful
[2025.05.21] 10:44:19.798 [192.168.1.20][61510617] Authenticated as user@domain1.com
[2025.05.21] 10:44:19.812 [192.168.1.20][61510617] cmd: MAIL FROM: <user@domain1.com>
[2025.05.21] 10:44:19.813 [192.168.1.20][61510617] senderEmail(1): user@domain1.com
[2025.05.21] 10:44:19.813 [192.168.1.20][61510617] rsp: 250 OK <user@domain1.com> Sender ok
[2025.05.21] 10:44:19.813 [192.168.1.20][61510617] Sender accepted. Weight: 0.
[2025.05.21] 10:44:19.815 [192.168.1.20][61510617] cmd: RCPT TO: <contact@gmail.com>
[2025.05.21] 10:44:19.815 [192.168.1.20][61510617] rsp: 250 OK <user@domain1.com> Recipient ok
[2025.05.21] 10:44:19.817 [192.168.1.20][61510617] cmd: DATA
[2025.05.21] 10:44:19.817 [192.168.1.20][61510617] Performing PTR host name lookup for 192.168.1.20
[2025.05.21] 10:44:19.819 [192.168.1.20][61510617] PTR host name for 192.168.1.20 resolved as UnknownHost
[2025.05.21] 10:44:19.820 [192.168.1.20][61510617] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2025.05.21] 10:44:19.827 [192.168.1.20][61510617] senderEmail(2): ceo@domain2.com parsed using: <ceo@domain2.com>
[2025.05.21] 10:44:19.849 [192.168.1.20][61510617] DMARC Results: Skipped (Authenticated), Reason: Unknown, Reject? False
[2025.05.21] 10:44:19.849 [192.168.1.20][61510617] rsp: 250 OK
[2025.05.21] 10:44:19.851 [192.168.1.20][61510617] Received message size: 2510 bytes
[2025.05.21] 10:44:19.852 [192.168.1.20][61510617] Successfully wrote to the HDR file. (E:/SmarterMail/Spool/SubSpool5/352658243.hdr)
[2025.05.21] 10:44:19.852 [192.168.1.20][61510617] Data transfer succeeded, writing mail to 352658243.eml (MessageID: <000d01dbca34$ecdbf5b0$c693e110$@domain2.com>)
[2025.05.21] 10:44:20.412 [192.168.1.21][33563265] rsp: 220 smartermailserver.domaine.com
@Mark Thornton
In your case, you mentioned sending an email impersonating a user from another domain. In our case, as shown in the log above, a user is either impersonating a user from the same domain or from a different domain that also exists on the same SmarterMail server.
If you sent an email impersonating a user from another domain that exists on the same SmarterMail server, please let us know which version of Outlook you are using.