Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Contribs.org Forums
  3. General Discussion
  4. Topic: SME server 9.2 - Check sender (own domain) if valid account?
« previous next »
Pages: [1]   Go Down

SME server 9.2 - Check sender (own domain) if valid account?

  • 2 Replies
  • 1755 Views

Offline Cruiser23

  • 8
  • +0/-0
SME server 9.2 - Check sender (own domain) if valid account?
« on: November 08, 2017, 04:19:56 AM »
Good day,

Sir/Ma'am is it possible to command the SME server 9.2 to verify first the sender account before delivering the message on our domain? (at least if the sender is from our domain)

    Example domain: Construction.com
    Example account: juan.delacruz@construction.com - (This account exist in our users)
                               salesmart@construction.com       - (This account doesn't exist in our users)

juan.delacruz@construction.com keep on receiving email from salesmart@construction.com.
But salesmart@construction.com is not our user and when we send/reply on this email we received mailer daemon.
Logged

Offline mmccarn

  • *
  • 2,627
  • +10/-0
Re: SME server 9.2 - Check sender (own domain) if valid account?
« Reply #1 on: November 10, 2017, 02:32:18 PM »
The feature you're looking for is "SPF" (Sender Policy Framework): https://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Appendix#SPF_Records

You could address unwanted sending addresses individually:
1. On the SME server:
* Whitelist-Blacklist Control allows you to block email from a given email address in a server-manager panel
* Mailsorting would let you create a rule on the server to file or delete the offending messages before they hit the user's inbox
* Item 5.21.2 on the Email wiki page describes how to block email from one user to another by manually templating and customizing the "badmailfromto" plugin.  Similar instructions would probably work for the "badmailfrom" plugin, too.

2. On the user's computer:
Create an email rule that deletes the offending messages


General answer:
Before making any significant configuration changes, you will need to do some research into where the offending emails are originating.  Look in the log files or message header to identify the IP address that the offending email came from, then research that IP address.

Info on reviewing the mail server log files can be found here: https://wiki.contribs.org/Mail_log_file_analysis

MXToolbox has an online email header analysis tool: https://mxtoolbox.com/public/tools/emailheaders.aspx

If the IP is on your LAN:
- Scan the offending system for viruses.

If the IP is the WAN, LAN or localhost IP of the SME server itself, or of any web server or other system under your control:
- look for insecure web applications (usually a "contact us" form of some sort)
- look for other evidence of infection

If the IP address is not under your control:
- Research the IP using a tool such as https://mxtoolbox.com/blacklists.aspx
-- If the offending IP or IPs are listed as spam sources, adjust your DNSBL or RHSBL settings

-- If the offending IP is not listed on any block lists, look into configuring SPF (Sender Policy Framework) for your domain.

If the log files indicate that the email originated in an authenticated transaction, change the password for the compromised account.

Logged

Offline Cruiser23

  • 8
  • +0/-0
Re: SME server 9.2 - Check sender (own domain) if valid account?
« Reply #2 on: November 12, 2017, 08:47:40 AM »
Good day,

Thanks a lot Sir MMCCARN. We will do this.
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Contribs.org Forums
  3. General Discussion
  4. Topic: SME server 9.2 - Check sender (own domain) if valid account?