|Mithi Connect Xf is by default configured to accept only authenticated SMTP. SMTP authentication along with the capability of rejecting SMTP connections with sender login mismatch ensures that within a domain, a user cannot masquerade as another without explicit permission.
A user can send mail either using a desktop email client such as Outlook/Thunderbird or via the web mail client.
Click on the image to Enlarge.
When an SMTP connection is made from the desktop email client to the mail server, the server requests for the user credentials. These include the login id and password. These credentials are maintained by the client and communicated to the server over secure protocols. On receipt of the credentials, the server ensures:
- That the user is a valid user for the domain and the entry is found in the domain directories.
- The password supplied matches with the password in the server.
- The From id of the MIME (the format is which a mail is transferred) matches the user id given in the credentials.
If any of these tests fail, then the mail is rejected.
A user connecting to the server using telnet access to the port 25 used for SMTP will also need to supply the credentials before the SMTP transaction is completed.