I’m trying to figure out how to prevent users from sending an email to an outside address via Telnet after authenticating. We already have the server set up to prevent relaying so anyone using Telnet cannot send to an outside address unless they authenticate with the server. However, once you’ve authenticated via a Telnet session it seems like you can then set the MAIL FROM value to anything you want… so I could send out an email that comes from our domain and looks like it’s coming from the President of the company. I don’t see anything getting logged in Domino that says who the actual authenticated user was who sent the mail. Is there somewhere that this is logged or is there a setting that would allow me to see who the person sending the message was authenticated as?
Thanks!
Subject: Inbound sender controls
You may be able to accomplish this using the Inbound Connection Controls in your Configuration document under Router/SMTP → Restrictions and Controls → SMTP Inbound controls. I would do some testing first to make sure that you don’t inadvertently block SMTP hosts that you want to be able to access your server.
Subject: Found a solution
A notes.ini parameter that does exactly what I need.
SMTPVerifyAuthenticatedSender=1
The SMTPVerifyAuthenticatedSender notes.ini setting is an additional security feature that permits relay for authenticated users only when they use their real e-mail address to send e-mails. This parameter designates whether mail that is sent during an authenticated SMTP session must be from the Internet address of the authenticated users. The intent is to verify that the user is not attempting to spoof the “From” field. This feature is most useful when a Domino SMTP server is configured to enforce authentication, but that is not a requirement.
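The kind of check discussed in this thread, as an added example that is not part of the original posts and is not Domino's own code: it audits a client-side SMTP transcript and reports when the sender addresses do not belong to the authenticated login. The directory mapping, the `jdoe` login, the transcript and the choice to compare both the envelope MAIL FROM and the From header are assumptions made for illustration.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory: authenticated login -> Internet addresses it may send as.
DIRECTORY = {"jdoe": {"jdoe@example.com"}}

# Constructed client-side SMTP session (not a real capture).
SESSION = "\r\n".join([
    "EHLO client.example.com",
    "AUTH PLAIN " + base64.b64encode(b"\0jdoe\0not-a-real-password").decode(),
    "MAIL FROM:<president@example.com>",
    "RCPT TO:<someone@example.net>",
    "DATA",
    "From: The President <president@example.com>",
    "Subject: constructed test",
    "",
    "body",
    ".",
    "QUIT",
])

def audit_session(session, directory):
    """Return (auth_user, findings) for one client-side SMTP transcript."""
    auth_user, envelope, data, in_data = None, None, [], False
    for line in session.split("\r\n"):
        if in_data:
            if line == ".":          # end of DATA section
                in_data = False
            else:
                data.append(line)
        elif line.upper().startswith("AUTH PLAIN "):
            # RFC 4616 payload: authzid NUL authcid NUL password
            auth_user = base64.b64decode(line.split()[2]).split(b"\0")[1].decode()
        elif line.upper().startswith("MAIL FROM:"):
            envelope = re.search(r"<([^>]*)>", line).group(1).lower()
        elif line.upper() == "DATA":
            in_data = True
    header = parseaddr(message_from_string("\n".join(data)).get("From", ""))[1].lower()
    allowed = directory.get(auth_user, set())
    findings = []
    if envelope not in allowed:
        findings.append(f"MAIL FROM {envelope} not owned by {auth_user}")
    if header not in allowed:
        findings.append(f"From header {header} not owned by {auth_user}")
    return auth_user, findings
```

Calling `audit_session(SESSION, DIRECTORY)` on the constructed transcript returns the login `jdoe` with two findings, which is the identity-to-sender link the original question found missing from the logs.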