This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Authentication (Sophos as smtp relay to internal Exchange server)

Hi,

 

we have Sophos as SMTP relay to our internal Exchange server. SMTP authentication is not yet enabled on the Exchange.

So the Sophos will relay the emails to the Exchange.

Right now is possible to send emails using SMTP port (25) from one or our domain's user accounts to any another of our domain's user accounts without authentication. Which is, of course to me, a very big security vulnerability. (I tested it with telnet from outside of our networks... like if I were an attacker).

 

So the questions are:

 

1) Right now (when SMTP authentication is not enabled in the Exchange server),  is there a way to stop that behavior?

 

2) Once we enable SMTP authentication in the Exchange server, the sophos will still be whitelisted as the Exchange server needs to "rely" on the Sophos. How can we stop that behavior then?

 

 



This thread was automatically locked due to age.
Parents
  • The Bee said:

    Right now is possible to send emails using SMTP port (25) from one or our domain's user accounts to any another of our domain's user accounts without authentication. Which is, of course to me, a very big security vulnerability. (I tested it with telnet from outside of our networks... like if I were an attacker).

    Please read my post about SPF! This is one possible way that you can use!

    https://en.wikipedia.org/wiki/Sender_Policy_Framework

     

    Regards

    mod

  • Hi Mod,

     

    thanks for you reply.

     

    I already read it, but SPF doesn't do it because it will tell from which servers/ips/etc an email from certain domain should be received. But if I'm using that same host... I can do it.

    Also we already have SPF configured for some domains... and I'm still able to use SMTP as a client to send emails.

Reply
  • Hi Mod,

     

    thanks for you reply.

     

    I already read it, but SPF doesn't do it because it will tell from which servers/ips/etc an email from certain domain should be received. But if I'm using that same host... I can do it.

    Also we already have SPF configured for some domains... and I'm still able to use SMTP as a client to send emails.

Children
  • The Bee said:

    I already read it, but SPF doesn't do it because it will tell from which servers/ips/etc an email from certain domain should be received. But if I'm using that same host... I can do it.

    Also we already have SPF configured for some domains... and I'm still able to use SMTP as a client to send emails.

    Sorry I don't understand your problem. Do you want to control the sender addresses outside your own trusted mail domains?

    The Bee said:

    Right now is possible to send emails using SMTP port (25) from one or our domain's user accounts to any another of our domain's user accounts without authentication. Which is, of course to me, a very big security vulnerability. (I tested it with telnet from outside of our networks... like if I were an attacker).

    This is solved with a correct configured SPF record!

    Do you have "Perform SPF check" under "Advanced anti-spam features" enabled?