If your SMTP module can accept incoming TCP connections, your server can be used by spammers as a mail relay engine: they can distribute their messages all over the world using your server. To protect your site from spammers, the SMTP module can verify the Return-Path address (specified with the Mail From SMTP command) of incoming messages.
The SMTP module parses the message Return-Path (Mail From) address and rejects it if:
When the Verify HELO and Return-Path option is selected in the SMTP Service Settings, the SMTP module refuses to receive a message if:
If the connection comes from an address not included into the Client IP Addresses list, additional DNS verification checks are done, and the SMTP module rejects the Return-Path address if:
The SMTP module uses the Router after it parses the Mail From address. If that address is an address of a local user, or the address is known (rerouted) with the Router, the Mail From address is accepted. This eliminates Domain Name System calls for the addresses "known" to the Server.
The addresses routed to the ERROR address are rejected, so you can specify "bad" addresses and domains in the Router.
If you do not want to accept mail from any address in the offenderdomain.com domain, put the following line into the Router settings:
offenderdomain.com = error or <*@offenderdomain.com> = error
If you do not want to accept mail from all addresses starting with "promo" in the offenderdomain.com domain, put the following line into the Router settings:
<firstname.lastname@example.org> = error
If the Return-Path domain cannot be verified because the Domain Name Server that keeps that domain records is not available, the module refuses to accept the message, but instead of a "permanent" error code the module returns a "temporary" error code to the sending system. The sending system will try again later.
You can tell the SMTP module to use SPF DNS records to check that messages with the specified Return-Path can come from the sender's network (IP) address.
You can tell the SMTP module to use the Reverse Connect method:
If the server rejects this address, the SMTP module rejects the supplied Return-Path address, too.