Sometimes setting up a system to allow password authentication is less secure.
Ever notice activity like this on your SMTP-enabled Domino server?
SMTP Server: Authentication failed for user guest ; connecting host 220.127.116.11
SMTP Server: Authentication failed for user backup ; connecting host 18.104.22.168
Guess what… In this case, I am not happy that ec2-46-137-108-26.eu-west-1.compute.amazonaws.com (Amazon Web Services, Ireland) thinks they need to relay SMTP through my Domino server.
If this hacker is able to guess a user login and password combo, they can relay whatever they want.
There is a quick fix that prevents these hacking attempts from ever succeeding at circumventing SMTP relay restrictions:
If you are NOT using Internet Site documents, set the following field(s) to “No” in the corresponding server’s Server Document:
[Server Document] > Ports > Internet Ports > Mail
If you ARE using Internet Site documents, just change the following field(s) to “No”:
Want more info? Read more here.
Happy hacker snubbing!