SMTP Issue

[Ryan Sweeney]

Hey Guys,

Well it seems anyone can send mail thru Plesk servers to any domain that's hosted on the server...

Umm this opens a bit of a security hole...

How does one block this... so only authenticated users can send thru server

Yeah i have SMTP and POP3 ticked under mail relay in Server-> Mail

Thanks
Ryan

 

[Faris Raouf]

I'm afraid I don't understand your problem. I suspect I have misunderstood, or maybe there was a typing error in your message?

You said:

...anyone can send mail thru Plesk servers to any domain that's hosted on the server

As long as it is only to any domain hosted on your server (and not to any external domain) then this is how email is supposed to work. Specifically, to make email work at all anyone at all MUST be allowed to connect on port 25 and be allowed to send email to any domain on your server. If this was not the case then it would be impossible for any external email to be delivered to your domains's mailboxes.

But igniring that, if you really and truly only want authenticated users to be able to deliver email to your mailboxes on your server then you could block port 25 using a firewall. This would stop all external email from arriving at your server. Then you would enable the submission port (via the Plesk control panel), which works on port 587 and ONLY allows authenticated users to send email, and ask all your users to change their email programs to use port 587 instead of 25.

Faris.