In an attempt to control out-going SMTP mails, I include e-mail addresses that can be sent out as STMP mails in the SMTP Outbound Control Tab (i.e. in the Allow Messages only from the following Internet addresses to be sent to the internet field).
It seems to work fine except when I Telnet to the mail server on Port 25 and attempt to send a mail. I send the mail by identifying the sender without the "@" sign and an Internet domain. The server accepts this as a valid sender! It actually sends out the mail even when this sender is not specifically permitted.
This question is a bit too complicated to answer fully here. It would require some careful testing to see just what is happening. Here are a couple of ideas though:
1. I assume you have verified that regular mail users of the Domino server (either Notes clients or browser users) are restricted correctly based on your settings in the SMTP control fields. If these users are able to send mail when they are not supposed to, you should report this to Lotus as a possible bug.
2. For users trying to trick the SMTP process (i.e. telnet access), it is possible that you have found a security hole. Alternatively, it is possible that the software is not designed to cover this scenario. Start with the first case though (regular mail users) and make sure that is working correctly.
Dig Deeper on Lotus Notes Domino Administration Tools
Related Q&A from Chuck Connell
Is it possible to encrypt a user's name before sending an email? SearchDomino.com expert Chuck Connell weighs in. Continue Reading
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell provides a resource for a Lotus Notes administrator who wants to filter out email containing the word "spam," ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.