Mailing List CGatePro@mail.stalker.com Message #98180
From: Lyle Giese <lyle@lcrcomputer.net>
Subject: Re: Sending FROM accounts in domain even with authentication enabled
Date: Fri, 26 Jun 2009 11:03:33 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
That is the difference between the envelope from and the from on the email.

I usually explain it by comparing it to a letter you send in the US Mail.  What is logged in the mail server logs and in a mail filter is the envelope From & To.  This would be comparable to what is printed on the outside of the envelope.

But the letter inside can have an entirely different From & To and that is what the mail server would use to route and deliver the email.

The US Mail can only go by the envelope From & To.  And what you are doing can only apply to the envelope From & To as the action is triggered before the body of the email with its From & To are sent to the mail server.

Lyle Giese
LCR Computer Services, Inc.

David Modoski wrote:
Never mind, I figured out the reason though not sure if there's a way to prevent it.

Apparently you can issue the "MAIL FROM:" command with an outside email address and then later in the transaction after issuing the DATA command you can insert a FROM: within the data portion which appears to override the "MAIL FROM:" in the header. The only indication is in the long header where the "Return Path" is set to the real email address submitted.

-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of David Modoski
Sent: June 26, 2009 9:27 AM
To: CommuniGate Pro Discussions
Subject: Re: Sending FROM accounts in domain even with authentication enabled

I understand that concept. However, this does not apply to email originating from our server. I can require that all of OUR users authenticate before they are allowed to submit email (any other domain on the Internet can submit email without authentication). This does work because as I stated when I connect to the SMTP port and send the FROM command with an account within our domain I immediately get a notification that the account requires authentication before submitting email. I don't understand how the spammers appear to be bypassing this. I'll need to check out the server logs to see if I can find any additional information.

The exact error message when using a CGP domain account

575 david.modoski@mydomain.com sender requires authentication

-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of Lyle Giese
Sent: June 26, 2009 8:21 AM
To: CommuniGate Pro Discussions
Subject: Re: Sending FROM accounts in domain even with authentication enabled

David Modoski wrote:
  
We have authentication enabled for all of our CGP accounts for sending
email. This requires that the account holder authenticate to the
server before submitting mail. I've tested by connecting to the SMTP
port and using a FROM address within our domain (I'm informed by the
server that this account needs to authenticate before sending mail).
However, I've just started receiving SPAM that is addressed FROM an
email account within the domain. Anyone have any ideas how that might
be getting through?

Thanks,
Dave

    
This requirement is for relaying email, not sending email. You may say
what's the difference? Relaying means the email will be relayed/sent to
another email server. Sending can include email for here.

If you required Authentication for all email, you will be unable to get
email from the world as other mail servers won't be able to send email
to your domains.

Lyle Giese
LCR Computer Services, Inc.
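
Added example, not part of the thread and not CommuniGate Pro code: a filter-side check for the case discussed above, where an unauthenticated session gives an outside address in "MAIL FROM:" and a local address in the From: header inside DATA. The session transcripts and the dave@mydomain.com address are constructed, and the parser assumes it sees only client commands that the server accepted.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"mydomain.com"}  # placeholder domain used in the thread

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def parse_session(client_lines):
    """Return (envelope_from, authenticated, header_from) for one SMTP transaction.
    Assumption: client_lines holds only commands the server accepted."""
    envelope_from, authenticated, in_data, body = "", False, False, []
    for line in client_lines:
        if in_data:
            if line == ".":                      # lone dot ends DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                body.append(line[1:] if line.startswith(".") else line)
        elif line.upper().startswith("AUTH "):
            authenticated = True
        elif line.upper().startswith("MAIL FROM:"):
            envelope_from = (line[10:].split() or ["<>"])[0].strip("<>")
        elif line.upper() == "DATA":
            in_data = True
    header_from = parseaddr(message_from_string("\n".join(body)).get("From", ""))[1]
    return envelope_from, authenticated, header_from

def spoofed_local_from(envelope_from, authenticated, header_from):
    """True when the header From claims a local domain although the session
    was unauthenticated and the envelope sender is outside the local domains."""
    return (domain_of(header_from) in LOCAL_DOMAINS
            and not authenticated
            and domain_of(envelope_from) not in LOCAL_DOMAINS)

# Constructed sample sessions (client side only).
SPOOFED = ["EHLO client.example.net", "MAIL FROM:<bulk@example.net>",
           "RCPT TO:<dave@mydomain.com>", "DATA",
           "From: Dave <dave@mydomain.com>", "Subject: hi", "", "text", "."]
LEGIT = ["EHLO pc.mydomain.com", "AUTH PLAIN <credentials-placeholder>",
         "MAIL FROM:<dave@mydomain.com>", "RCPT TO:<someone@example.org>", "DATA",
         "From: Dave <dave@mydomain.com>", "Subject: hi", "", "text", "."]
EXTERNAL = ["EHLO mx.example.org", "MAIL FROM:<someone@example.org>",
            "RCPT TO:<dave@mydomain.com>", "DATA",
            "From: someone@example.org", "Subject: hi", "", "text", "."]

if __name__ == "__main__":
    for name, s in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT), ("EXTERNAL", EXTERNAL)):
        print(name, spoofed_local_from(*parse_session(s)))
```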
  
