3 Replies Latest reply: Feb 13, 2013 6:56 AM by Attila Polinger RSS

    How to block unauthenticated users "From to" from sending


      I refer thisURL https://kc.mcafee.com/corporate/index?page=content&id=KB69050&actp=search&viewlo cale=en_US&searchid=1358563541932 but I dont find output as expect.

      When my using telnet for sending mail, I want to prevent the Parse "From to" because of the the user in "from to" not have in database

      Do not have User3 trong database data but you can still send mail to cho user1 (this account in database ).

      I am want to setup the policy to protect "Fake user" for sendling email


      You can use http://emkei.cz/ to test this issue.


      Thanks and best regard.

        • 1. Re: How to block unauthenticated users "From to" from sending
          Attila Polinger



          just ran into your query here (and I wonder if this question of yours still needs answering). If I understand you correctly, you would like prevent *internal* nonexisting users to send mail outside your organization.


          One possible way of doing this is to set your internet mail gateway to not accept connections from any other servers from inside than your internal SMTP server (should that be different than the one you posted a connection screenshot on).


          Your internal SMTP server should also not accept connection from other servers than the internal mailing servers (such as Exchange).



          • 2. Re: How to block unauthenticated users "From to" from sending

            Dear Attila,


            Yes that's what I mean. That is, an user which doesn't listed in the AD list cannot send email to internal and out of the organization.


            Could you please help me how to configure it on McAfee because I still don't know how to do at the moment. Thanks for your help.



            • 3. Re: How to block unauthenticated users "From to" from sending
              Attila Polinger

              Dear Nhan.Vo,


              I'm not  managing such an appliance any more so I can work from memory only :-) but if I'm not mistaken, there is the Permitted Domain list in the Email configuration section, where you can specify email domains and IP addresses from which the appliance accepts mail/connection from.


              Refer also to the documentation on how to prevent unwanted relaying by the appliance.


              I think there is not an option to specifically telling the appliance not to allow a given MAIL FROM: value (i.e. the "sending user"; meaning to check whether the sender email exists somewhere in a user AD record).


              A workaround could be to set up a Windows IIS with an SMTP service and set it to use authentication on users, then set this IIS server as the SMTP server on users computers, also set this server to be the only server acceptable for the McAfee appliance and in any inbetween DMZ or other network filtering rules.


              I hope I could help, if I did not please elaborate more.