In Domino there is an option in configuration document “Verify that local domain recipients exist in the Domino Directory” for SMTP. That’s great and work well.But in local doamin (Internal) someone can send message from fake address to existing address.
How can i verify that local domain SENDER (“Mail From:” field) exist in the Domino Directory, when domino server receive SMTP message.
Subject: internal verification
SMTP isn’t used internally, just notes mail routing.
Mail clients on your server should be restricted from things which would enable them to do this…they should not be given design privileges. (Strict security would even say that your developers should do all development on a test server, production servers should not have ANYONE with design access. Admins can promote templates to the server once testing of the new designs is complete. In smaller environments, this might not be practical, I understand.)
Mail sent using the Notes client is authenticated against the user, and will be stamped with their info. There may be ways that they could manipulate the “display name”, which woudl cause confusion for recipients. But their signature will still be all over that document, so if the questionable message is reported you should b e able to figure out the culprit.