Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 33 replies
  • Answers 3 answers
  • Subscribers 7 subscribers
  • Views 56891 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Authentication (Sophos as smtp relay to internal Exchange server)

The Bee

Hi,

 

we have Sophos as SMTP relay to our internal Exchange server. SMTP authentication is not yet enabled on the Exchange.

So the Sophos will relay the emails to the Exchange.

Right now is possible to send emails using SMTP port (25) from one or our domain's user accounts to any another of our domain's user accounts without authentication. Which is, of course to me, a very big security vulnerability. (I tested it with telnet from outside of our networks... like if I were an attacker).

 

So the questions are:

 

1) Right now (when SMTP authentication is not enabled in the Exchange server),  is there a way to stop that behavior?

 

2) Once we enable SMTP authentication in the Exchange server, the sophos will still be whitelisted as the Exchange server needs to "rely" on the Sophos. How can we stop that behavior then?

 

 



This thread was automatically locked due to age.
Parents
  • 0

    The Bee said:

    Right now is possible to send emails using SMTP port (25) from one or our domain's user accounts to any another of our domain's user accounts without authentication. Which is, of course to me, a very big security vulnerability. (I tested it with telnet from outside of our networks... like if I were an attacker).

    Please read my post about SPF! This is one possible way that you can use!

    https://en.wikipedia.org/wiki/Sender_Policy_Framework

     

    Regards

    mod

  • 0 in reply to mod2402

    Hi Mod,

     

    thanks for you reply.

     

    I already read it, but SPF doesn't do it because it will tell from which servers/ips/etc an email from certain domain should be received. But if I'm using that same host... I can do it.

    Also we already have SPF configured for some domains... and I'm still able to use SMTP as a client to send emails.

Reply
  • 0 in reply to mod2402

    Hi Mod,

     

    thanks for you reply.

     

    I already read it, but SPF doesn't do it because it will tell from which servers/ips/etc an email from certain domain should be received. But if I'm using that same host... I can do it.

    Also we already have SPF configured for some domains... and I'm still able to use SMTP as a client to send emails.

Children
  • 0 in reply to The Bee

    The Bee said:

    I already read it, but SPF doesn't do it because it will tell from which servers/ips/etc an email from certain domain should be received. But if I'm using that same host... I can do it.

    Also we already have SPF configured for some domains... and I'm still able to use SMTP as a client to send emails.

    Sorry I don't understand your problem. Do you want to control the sender addresses outside your own trusted mail domains?

    The Bee said:

    Right now is possible to send emails using SMTP port (25) from one or our domain's user accounts to any another of our domain's user accounts without authentication. Which is, of course to me, a very big security vulnerability. (I tested it with telnet from outside of our networks... like if I were an attacker).

    This is solved with a correct configured SPF record!

    Do you have "Perform SPF check" under "Advanced anti-spam features" enabled?

Unfiltered HTML