We have qmail server running on RHEL6.5. We have already made sure that our server is not acting as an open relay with the help of http://mxtoolbox.com/diagnostic.aspx
But still anyone can telnet to our domain and send fake emails to firstname.lastname@example.org
. For example
telnet mail.ourdomain.com 25
mail from: email@example.com
rcpt to: firstname.lastname@example.org
from: "Any Unknow name" <email@example.com>
to: "Some user Name" <firstname.lastname@example.org>
subject: Testing MTA with telnet
This way anybody can fool us.
So can anybody pls help me to prevent this. I meant to say, we should not block port 25, instead it should verify whether or not "from email id"
is exist in our domain, if it is exist then it should ask for the password also or if it is not exist then also it should not take us to next step. Because as per above example anybody can fool us as the mail is coming from outside but it is just from our domain to our domain without any authentication!!!
Expecting your kind help to block sending mails in this way.