Roger> There is an external app server (that is our service provider)
Roger> that we want them to blast emails to a team/department in our
Roger> organization (email domain @xyz.com ) but these emails will
Roger> have the sender to be in same domain as us ie @xyz.com.
Roger> What are the risks of permitting such bypass (ie disable
Roger> Norelay) in our MTA (it's MS Exchange) & if we have to permit
Roger> it, what mitigations we can put in place?
Don't let them bypass at all, just give them a login to your mail
system with the appropriate limitations, so that they submit via port
587. This is how I have my hosted domain handle email from my iphone
and other IMAP devices.
This also means you can assign them a specific sender ID, so you can
track them better.
In your master.cf, you would have something like this for the
> There is an external app server (that is our service provider) that
> we want them
> to blast emails to a team/department in our organization (email
> domain @xyz.com <http://xyz.com>)
> but these emails will have the sender to be in same domain as us ie
> @xyz.com <http://xyz.com>.
> What are the risks of permitting such bypass (ie disable Norelay) in
> our MTA
> (it's MS Exchange) & if we have to permit it, what mitigations we
> can put in place?
This is not relaying. DO NOT disable any anti-relay controls.
If the service provider sends mail to your internal team with a
From: header indicating it's an internal mail, you probably already
allow this and don't need to do anything.
If the service provider also sets the envelope sender address to
your internal domain, AND you use SPF/DKIM/DMARC to prevent
spoofing, then you'll need to exempt the service provider from those