Validating incoming email

You can use the following options to check that incoming mail was sent from a valid user mail account or to deny access to specified mail addresses. IMail Server will always include the IP address of the source of a message in the message header.

Check valid sender. If enabled, IMail Server requires that the user’s mail address (user@host) is specified in the MAIL FROM or REPLY-TO line of an incoming mail message.

Auto-deny possible hack attempts. If more than 512 characters are sent during anything but the SMTP DATA command, the remote IP address is temporarily put in the "deny access" (Control Access) file until you stop and restart the service. Sending more than 512 characters in anything but the SMTP DATA command will look like an attempt to "hack" in to your server. You will not see the address in the "deny access" list, but it is reported in the log file.

Disable SMTP `VRFY’ command. The SMTP VRFY command is used to verify a user ID on a host - as such it can be used from a remote host to test for valid user IDs. If you select this option, when IMail Server receives an SMTP VRFY request, it returns the message: 502 Command not implemented

Tags: validating, email, mail, smtp, hack

Related posts

• To setup Eudora using alternate port 587 for outbound smtp (0)
• security features for TCP/IP (0)
• Malware definition (0)
• Mail relay options (0)
• Letterboxing Mail.app (0)