Email interface and whitelisted IPs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Email interface and whitelisted IPs

Colin
Hi,

I was under the impression that the email interface was for authenticated connections from local domains only.

We had a problem customer that was "evicted" a few months back and I've just got an email notifcation about them reporting a spam message successfully to the email interface.

They are no longer in local domains and they were not using an authenticated connection.

The IP range was whitelisted because it came from a hosted platform that a few senders seem to use we have problems with their messages getting flagged as spam. We have had to put quite a few things in the IP whitelist over time and wouldn't want most of them to be able to use the email interface.

Is it intentional that the whitelistedIP has bypassed the restrictions on the email interface?
Cheers,
Colin.

------------------------------------------------------------------------------

_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Email interface and whitelisted IPs

Thomas Eckardt/eck
There is no check for whitelisting (user,domain,ip) in the email interface.
Check the ldaplistdb and the local user lists, possibly LDAP and VRFY. If a user is valid, it may possible that local domains is not checked!


Thomas
 





Von:        cw <[hidden email]>
An:        ASSP development mailing list <[hidden email]>
Datum:        14.11.2016 17:44
Betreff:        [Assp-test] Email interface and whitelisted IPs




Hi,

I was under the impression that the email interface was for authenticated connections from local domains only.

We had a problem customer that was "evicted" a few months back and I've just got an email notifcation about them reporting a spam message successfully to the email interface.

They are no longer in local domains and they were not using an authenticated connection.

The IP range was whitelisted because it came from a hosted platform that a few senders seem to use we have problems with their messages getting flagged as spam. We have had to put quite a few things in the IP whitelist over time and wouldn't want most of them to be able to use the email interface.

Is it intentional that the whitelistedIP has bypassed the restrictions on the email interface?
Cheers,
Colin.------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test