I’m having a problem with users on the road sending mail through our Domino server. I have SMTP authentication turned on. Under normal circumstances, authenticated users can send mail into the domain and they can relay. But when a user tries to send mail from an IP address that resolves in one of the DNSBLs we check, the server denies their connection.
Is there a way around this? You’d think that if a user authenticates they’d be allowed to bypass DNSBL checking.
tia,
mark
Subject: SMTP authentication trumped by DNSBL
There is a way round this. Use the D7 whitelist.
I agree it would be better if the setting “allow authenticated users to relay” trumped DNSBL, but
a) this would be technically very difficult as the DNSBL hit happens at the moment a remote system connects and authentication doesn’t complete until some time later
b) this might leave you open to brute force attacks against SMTP AUTH from networks you have chosen not to trust (by virtue of their inclusion in a DNSBL you use).
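The ordering in point (a) and the exposure in point (b), modelled as an added example that is not part of the original posts and does not describe Domino's behaviour. The `deferred` policy, the `MAX_AUTH_FAILURES` cap, the credentials, and all function names are hypothetical; the listed address is a constructed sample from a documentation range.

```python
import hmac
from dataclasses import dataclass

LISTED = {"203.0.113.7"}   # constructed sample: IPs a DNSBL would list
USERS = {"mark": "s3cret"}  # constructed credentials
MAX_AUTH_FAILURES = 3       # assumption: AUTH attempt cap for listed hosts

@dataclass
class Session:
    ip: str
    listed: bool = False
    authenticated: bool = False
    auth_failures: int = 0
    closed: bool = False

def connect(ip, policy):
    """'connect': refuse listed IPs before any SMTP command is read.
    'deferred': remember the DNSBL hit and decide at RCPT TO."""
    s = Session(ip, listed=ip in LISTED)
    if policy == "connect" and s.listed:
        s.closed = True  # AUTH can never happen on this session
        return s, "554 connection refused (DNSBL)"
    return s, "220 ready"

def auth(s, user, password):
    if s.closed:
        return "421 closed"
    if hmac.compare_digest(USERS.get(user, ""), password):
        s.authenticated = True
        return "235 authenticated"
    s.auth_failures += 1
    # Point (b): a listed host that may reach AUTH can guess passwords,
    # so a deferred policy needs its own limit on failures.
    if s.listed and s.auth_failures >= MAX_AUTH_FAILURES:
        s.closed = True
        return "421 too many AUTH failures from listed host"
    return "535 authentication failed"

def rcpt(s, recipient):
    if s.closed:
        return "421 closed"
    if s.authenticated:
        return "250 ok (authenticated, DNSBL hit ignored)"
    if s.listed:
        return "554 rejected (DNSBL)"
    return "250 ok"
```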
Subject: RE: SMTP authentication trumped by DNSBL
I have gotten around this problem with using whitelists but it’s not a very good solution. If a user with an IMAP mail package (e.g. Apple Mail) tries to send mail from an unknown remote location using our Domino server as the SMTP server, I have no idea what IP or domain to whitelist. And even when I do have an idea (after they call me from the Starbucks or friend’s house they’re at), whitelisting anything that ends in rr.com or verizon.com (or any IP address or subnet in their network) seems like a very, very bad idea to me.
Does anyone have a way they handle this other than with a VPN or a separate SMTP server?