Our email server accepted and forwarded an email that should have been denied. I am trying to figure out how this happened and what settings I need to change to prevent this.
An unauthorized server attempted to send our server an email using an ex-employee's email address. Our server rejected this email for policy reasons, but another attempt was made right after that using a bogus username with our domain name, i.e. pazfdryzihqhadcilew@ourdomain.com. That attempt was successful.
My server configuration is this:
******** Inbound Relay Controls ***************
Allow messages to be sent only to the following external internet domains: Nothing Listed
Deny messages to be sent to the following external internet domains: (* means all) *
Allow messages only from the following internet hosts to be sent to external internet domains: 76.23.192.129; 192.168.2.30; 192.168.2.31; 192.168.2.32; 192.168.2.33; 192.168.2.34; 192.168.2.35; 99.201.48.227
Deny messages from the following internet hosts to be sent to external internet domains (* means all): Nothing Listed
********** Inbound Relay Enforcement *****
Perform Anti-Relay enforcement for these connecting hosts: All connecting hosts
Exclude these connecting hosts from anti-relay checks: [192.168.2.45]; 192.168.2.30; 192.168.2.31; 192.168.2.32; 192.168.2.33; 192.168.2.34; 192.168.2.35
Exceptions for authenticated users: Allow all authenticated users to relay
********* DNS Blacklist Filters *****************
DNS Blacklist filters: Enabled
DNS Blacklist sites: sbl-xbl.spamhaus.org; list.dsbl.org
Desired action when a connecting host is found in a DNS Blacklist: Log and reject message
Custom SMTP error response for rejected messages: Your mail was sent by “%s” a Blacklisted server and will not be accepted, if this is a valid account contact your administrator or “%s”
************ Inbound Connection Controls ************
Verify connecting hostname in DNS: Disabled
Allow connections only from the following SMTP internet hostnames/IP addresses: Nothing Listed
Deny connections from the following SMTP internet hostnames/IP addresses: *.apol.com.tw
********* Inbound Sender Controls *********
Verify sender’s domain in DNS: Disabled
Allow messages only from the following external internet addresses/domains: Nothing Listed
Deny messages from the following internet addresses/domains: Nothing Listed
******** Inbound Intended Recipients Controls *********
Verify that local domain recipients exist in the Domino Directory: Enabled
Allow messages intended only for the following internet addresses: Nothing Listed
Deny messages intended for the following internet addresses: Nothing Listed
Any suggestions?
I have it set so that only authenticated users can relay, so why is a bogus username allowed to relay?
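An added illustration, not part of the original question and not Domino's own logic: a simplified Python model of the inbound controls listed above, used to trace which rule a given SMTP transaction hits. The host lists and the deny pattern are copied from the post; the local domain name, the stand-in mailbox list and the evaluation order are assumptions.

```python
# Added illustration, not the poster's configuration and not Domino's code:
# a simplified model of the inbound relay controls quoted in the question,
# to trace which rule a message hits.
from fnmatch import fnmatch

LOCAL_DOMAINS = {"ourdomain.com"}              # assumed local internet domain
LOCAL_MAILBOXES = {"alice@ourdomain.com"}      # constructed Domino Directory stand-in
# Host lists and deny pattern copied from the post.
RELAY_ALLOWED_HOSTS = {
    "76.23.192.129", "192.168.2.30", "192.168.2.31", "192.168.2.32",
    "192.168.2.33", "192.168.2.34", "192.168.2.35", "99.201.48.227",
}
RELAY_EXEMPT_HOSTS = {
    "192.168.2.45", "192.168.2.30", "192.168.2.31", "192.168.2.32",
    "192.168.2.33", "192.168.2.34", "192.168.2.35",
}
DENY_CONNECT_PATTERNS = ("*.apol.com.tw",)


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def evaluate(conn_ip, conn_hostname, authenticated, sender, recipient):
    """Return (decision, reason) for one SMTP transaction.

    Assumed order: connection controls, then recipient controls, and only
    for recipients outside the local domains the anti-relay checks.
    DNS blacklist lookups are omitted because they need network access.
    """
    if any(fnmatch(conn_hostname, p) for p in DENY_CONNECT_PATTERNS):
        return "reject", "connection denied by hostname pattern"
    if domain_of(recipient) in LOCAL_DOMAINS:
        # Inbound delivery, not a relay: the sender address is not checked
        # because 'Deny messages from ... addresses/domains' lists nothing.
        if recipient.lower() not in LOCAL_MAILBOXES:
            return "reject", "recipient not in Domino Directory"
        return "accept", "local delivery; relay controls do not apply"
    # Recipient is outside the local domains: this is a relay request.
    if authenticated:
        return "accept", "authenticated user may relay"
    if conn_ip in RELAY_EXEMPT_HOSTS:
        return "accept", "host excluded from anti-relay checks"
    if conn_ip in RELAY_ALLOWED_HOSTS:
        return "accept", "host allowed to send to external domains"
    return "reject", "relay to external domains denied (*)"
```

Calling `evaluate("203.0.113.7", "mail.example.net", False, "pazfdryzihqhadcilew@ourdomain.com", "alice@ourdomain.com")` with a constructed external host replays the event in the question and lands on the local-delivery branch, where none of the relay settings are consulted.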