We have qmail server running on RHEL6.5. We have already made sure that our server is not acting as an open relay with the help of http://mxtoolbox.com/diagnostic.aspx.
But still anyone can telnet to our domain and send fake emails to anybody@ourdomain.com. For example Code:
telnet mail.ourdomain.com 25 helo mail.ourdomain.com mail from: unknown@anyname.com rcpt to: anyemailid@ourdomain.com data from: "Any Unknow name" <unknown@anyname.com> to: "Some user Name" <anyemailid@ourdomain.com> subject: Testing MTA with telnet Hi, This way anybody can fool us. Regards, . quit
So can anybody pls help me to prevent this. I meant to say, we should not block port 25, instead it should verify whether or not "from email id" is exist in our domain, if it is exist then it should ask for the password also or if it is not exist then also it should not take us to next step. Because as per above example anybody can fool us as the mail is coming from outside but it is just from our domain to our domain without any authentication!!!
Expecting your kind help to block sending mails in this way.