Why SendGrid is allowing sending mail from any user of authenticated domain? - sendgrid

I have authenticated my domain in the SendGrid, now when I specify any email (with authenticated domain) it will send the mail. I want to restrict this to Fromuser#domain.com.
Let's say I want to restrict sending mail for this user noreply#domain.com, so that it can not be miss used by any other sender from the organization. Is this possible in SendGrid?

Related

Send an email that was redirected to a mailbox on the server (Exchange server)

I have opened a centralized mailbox that collects all the emails that come to my organization (for analysis).
This is done by a Transport Rule that i created which redirects all the email to this mailbox.
The problem is that when i tried to send it back to the original recipients with the EWS application it gives me this error:
ErrorSendAsDenied -
The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message.
This email was sent from outside of the organization so I guess i should grant the centrailzied mailbox SEND-AS permissions for the external email.
I have looked at the Add-ADPermission cmdlet here:
https://technet.microsoft.com/en-us/library/bb124403%28v=exchg.160%29.aspx?f=255&MSPPError=-2147217396
And tried to grant the mailbox permissions to "NT AUTHORITY\ANONYMOUS LOGON" but it doesn't recognize it,
How can grant the permissions?
Thanks!
You won't be able to resend the message as the original sender unless you own that sender domain and that is an authoritative domain (eg you can then assign rights to send as the security principal that owns that email address). Otherwise what your doing is considered spoofing and will be disallowed in the client API's for security reasons. You also don't wan't to just resend a message like that anyway eg if it has external recipients and you just resent it to all the recipients it you will be sending another copy to those external recipients in that case (which will mostly likely then just get bounced for spf reasons). What you need to know is the envelope recipients of the original message and just resend to those recipients.
A few workarounds for this would be to use the replay directory on Transport server https://technet.microsoft.com/en-us/library/bb124230(v=exchg.150).aspx this would be the most common method as it allows you control the delivery via Xheaders (eg so you can restrict which recipients get the message your resending) and gives the most flexibility but requires file level access to the Transport Server. Other EWS methods would be to look at using Moderation instead and then release the approved the messages,

How to rewrite outgoing email address to SMTP login name in postfix?

I host a mail server, where users log in via SMTP to send email.
The current config of postfix allows every authenticated user to send emails with any sender address.
My objective is to prevent users sending mail with an other FROM: address than the sender’s own SMTP login name.
For example: if you log in with the username bob, you’re only allowed to send emails with the sender address bob#example.com.
smtpd_sender_restrictions could be a solution, but this would reject clients, who entered any other address.
A more elegant way would be to automatically rewrite all from addresses to the username they logged in with. That's, what I'm trying to achieve.
Just like Gmail, if you use it as an SMTP service to send emails, the messages are sent with the address you logged in to Gmail.
Currently the SMTP authentication is done by dovecot:
smtpd_sasl_type = dovecot
The server itself is really simple, no fancy custom per-user based stuff or multi-domain setup, just users SMTPing in, and sending emails. :-)
I know that smtp_generic_maps and sender_canonical_maps exist, but I coudn't find the way to automatically rewrite the senders address.
By automatically I mean not one-by-one in a separate file.
Thank you for your help!

Inbound emails domain with Mandrill

I am using the Mandrill mail server for sending emails to users and I have my own domain added to Mandrill to send out mails. Suppose I have configured Mandrill to use info#mydomain.com to send out emails and then it should send emails which it does. And any replies sent to info#mydomain.com will be forwarded to traditional mailboxes.
Now I have a doubt on receiving emails via Mandrill, once I add an inbound domain and route its path to my desired location, it should be ready to receive emails. Well I have read questions on SO and it has been said that if someone wants to use traditional mailboxes for receiving mails then it's better not to use Mandrill or use a custom sub domain.
Also it has been said that it is not possible for Mandrill to receive email which is already configured or forwarded to some other traditional mailboxes.
So I added a sub domain to Mandrill's inbound domain like inbound.mydomain.com and receive emails on this domain which will be received by Mandrill and will be send to the desired route which we set up. Now I will have to change my sender domain with the same that is inbound.mydomain.com to make users reply to this domain which will be received at Mandrill. What I want is :
Send emails using info#mydomain.com
Receive emails to my location using inbound domains

Bulk set 'send on behalf of'

I have a service account for an application that is used to send out emails via a MSExchange server. The 'From' field gets populated by the email address in the current users profile, but the server is sending back a response
"SmtpException: Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send on behalf of the from address."
As there are alot of email addresses that could be being sent from, is it possible to set up the service account so that it will have send on behalf permissions for "*#domain1.com email addresses" or do they all have to be added one at a time?
Send on behalf isn't really possible like this given how it's set. If you were OK with Send-As (so the mails would come from Service1#domain1.com versus Service1 on Behalf of bob#domain1.com), you could grant the service account send-as rights at the domain, OU, or mailbox database levels.

Send SMTP with From address of another domain

My goal is to create a canned email on my server and then send the email from client email addresses. To do this and not be marked as spam I understand it must come from a domain matching the from address.
There are many user email addresses I would need to send email from, all with the same domain. With cooperation from my client, could I set this up to work with one SMTP credential or would I need credentials for each and every individual user?
To clarify, if I get an SMTP server address with a un/pw from my client, would that be enough to send from:
george#example.com
martha#example.com
ted#example.com
Thanks!
It depends completely on the SMTP server you are using. Some servers will allow this, like Google's SMTP, but it will attach a Sender header to the outgoing message when the From header does not match the authenticated account.
Example:
You authenticate with joe#gmail.com
You send out with From: bill#gmail.com
The message will contain From: bill#gmail.com, but Google will attach
Sender: joe#gmail.com to the message headers.
So, it completely depends on the SMTP server and their policy.
Problem
You want to avoid joe-jobbing in your automated messages.
Your Options
It depends on how you're submitting jobs to the MTA.
If you're authenticating to a remote SMTP server for each message, then you need credentials for each user.
If you're injecting messages directly into an MTA (e.g. with the sendmail command) that is authorized to send mail for the domain, then you only need privileged access.