RE: [cobalt-users] SMTP hole maybe - any ideas

["Ian" <ian@xxxxxxxxxxxxxxxxxxxx>]

Sorry guys allow me to try and explain a bit clearer, cos I cant see that this is meant to
be happening.

Lets say that I do not actually have anything to do with the raq3 server. I do not have an
account or any access rights on the server.

I find out what domains are located on the server and then I create an email account
within my local copy of say outlook, guessing what the smtp server for one of the domains
might be, not hard really, could be mail., smtp. or www. or I just check the MX records
for the domain to get it quicker.

I set my email address as anyname@xxxxxxxxxxxxxxxx for sender and return address.

I then send an email using the raq3's smtp server ability to 50 other domains on the same
server, purporting to being the company behind the domainonraq3.com.

The relaying of this email to 50 others on the same server is not prevented, even though
POP b4 SMTP is enabled. Admittedly it will not allow the relaying to domains that are not
on the server, but will happily send on this email to the 50 or so domains on the same
server.

Then, we have 50 very unhappy teddies who have supposably received an email from someone
we host, but no infact, it came from someone know one knows masquarading as
domainonraq3.com, as they have managed to send an email through the same server as the
company hosts on.

Surely this can not be right and the POP b4 SMTP should stop this sort of thing from
happening.

Could really do with knowing how the rest of you overcome this, cos surely it cant be left
open like this...

All points gratefully received,

Mac