The intent is to verify that the user is not attempting to spoof the "From" field. This feature is most useful when a Domino SMTP server is configured to enforce authentication, but that is not a requirement.
Specifies whether the SMTP server requires mail sent during an authenticated session to be from the Internet address of the authenticated user.
Valid values are:
0 - Do not require the sender to use their Internet address
1- Require the Sender, or From, if Sender header does not exist, to match the Internet address of the authenticated server.
2 - Require the RFC822 From header to match the Internet address of the authenticated user. Sender is not checked, just From is checked
This determines if mail sent during an authenticated SMTP session is issued from a user's Internet address. If set to one it validates the entry in the From field and prevents authenticated users from sending mail from an address other than their Internet addresses.
The notes.ini parameter SMTPVerifyAuthenticatedSender was added in Domino® 6.0.3 and 6.5.
New to Domino 6.0.3 and 6.5, the SMTPVerifyAuthenticatedSender notes.ini setting is an additional security feature that permits relay for authenticated users only when they use their real e-mail address to send e-mails.
This parameter designates whether mail that is sent during an authenticated SMTP session must be from the Internet address of the authenticated users. The intent is to verify that the user is not attempting to spoof the "From" field.
This feature is most useful when a Domino SMTP server is configured to enforce authentication, but that is not a requirement.
NOTE:
This setting does not affect the Router, nor does it affect messages that are not submitted via SMTP.
The SMTPVerifyAuthenticatedSender setting does not work when SMTPTranslateAddresses is configured. Mail is rejected if addresses are translated because the match fails.
The features can only be used with single-address entries in the From or Sender field.
Notes