This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sending mails from external server via internal Exchange

Hello,

we're using Exchange Server internally togehter with Email Protection. We want to allow two mail accounts to send mails from an external server in the internet.

I allowed the two mailbox users to send mail (via Relaying tab under Authenticated Relay).
This works fine. But now I've noticed that these two users can send mails with any sender.
Theoretically they can use the mail address of the company boss as sender mail.

How is this possible? Can I restrict this in the UTM?

Regards
UTMaddict



This thread was automatically locked due to age.
Parents
  • UTM will not check the mail FROM. Host based Relays will always accept any email. 

    Only Central Email will verify the Mail From. 

    __________________________________________________________________________________________________________________

  • Toni, he's asking about outbound email, not inbound.  Does Central Email check the From for emails sent from the external server via internal Exchange?  How would it know?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Toni, he's asking about outbound email, not inbound.  Does Central Email check the From for emails sent from the external server via internal Exchange?  How would it know?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • That is correct. If you do a host based relay (or authentication relay) it will accept every email from. 

    But Central Email will only accept Email from which are created and sit in your Email domain. You cannot send Emails from a non existing Email address in CEMA: 

    __________________________________________________________________________________________________________________

  • Thanks, Toni - are you saying that Central Email can enforce that the From is the same as the Sender?  Otherwise, he's worried that the remote users could spoof the boss's email address which is an existing one.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Essentially the Sender (Mail From and From) has to be the same in CEMA, yes. 

    But in UTM you can even send an Email with "FROM" what ever you like. UTM will accept this email regardless, even if you use test@sophos.com. But you will end up on all sorts of blacklists. 

    __________________________________________________________________________________________________________________