Skip to content

How can we improve?

← Welcome to MDaemon Technologies' Suggestion Box

Per domain Authentication

Sign email received by authenticated server: now DKIM only sign email from authenticated session but you can only defined authentication per user. For example I have Exchange behind SecurityGateway and if I configure authenticaed Send Connector i should also disable "Authentication credentials must match those of the email sender" on security gateway. Doing so if an hacker will stole a single password he will able to send email from any local users....

1 vote
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Mauro shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
AdminArron Caruth (VP of Product Development, Alt-N Technologies) responded  · 

Hello,

Thank you for sharing your ideas with us. I have split your ideas into multiple items.

If I’m understanding correctly, you would like an option to exclude domain mail server from the requirement for authentication credentials must match those of the email sender. Is that correct?

I also wanted to mention that Location Screening may help you to secure your server. It allows you to only allow authentication from specific areas of the world. So for example, if all of your users were in Italy, you could restrict SG to only allow SG from within Italy.

Thanks,
Arron

Show previous admin responses (1)

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Mauro commented  ·   ·  Report

    Hi,
    consider this scenario:
    - Multiple domains on the same system. I cannot configure different SMTP Authentication configuration because local users became “remote” (see my ticket attached to this email)
    - Needs to configure SMTP authentication to enable DKIM signing
    - Exchange server who uses SG for sending email

    In this scenario I need to enable SMTP Authentication and I will configure my Exchange server to authenticate with SG using a dedicates user (for example I create a domain on SG named exchange.diennea.lan with SMTP authentication configured)
    If someone steal this credential OK: he could send email from external and I cannot prevent this but I can set up a very strong password to reduce this risk.
    But if someone steal just the credential of some generic users he could send email impersonating someone else….

    If SG could recognize SMTP Server authentication (instead users SMTP authentication) I can prevent this because I will set up the configuration who prevent user A to send email as user B.
    So if a server from specific IP address will authenticate to SG it could sends email as whatever users (and email will be signed by DKIM) but an authenticated user could send email as himself.

Welcome to MDaemon Technologies' Suggestion Box: SecurityGateway

Categories

Feedback and Knowledge Base

(thinking…)