We recently had a penetration test performed, which was excellent but for one issue.
A mail server spoof issue. Essentially, the mail server allows an external user to send email as internal senders via SMTP or TCP port 25.
The suggested solution for the issue given to me by the tester was to configure my mail server to disallow or block SMTP sending from internal addresses.
Now, it is my understanding that if I were in fact to block users in this fashion, no one would be able to send any mail outside of the domain, which is not an option.
My other thought is that if I were to block external SMTP connections or incoming port 25 connections in my firewall, this too would disallow anyone from sending mail to external users.
Is there any way I can plug this security hole and still allow users to send mail to external users?
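
The tester's recommendation, sketched as an added example (not part of the original post): a policy check that rejects mail claiming an internal envelope sender only when it arrives from an unauthenticated external client, so internal and authenticated users can still send to external recipients. The domain `example.com`, the network `10.0.0.0/8` and all function names are assumptions for illustration.

```python
import ipaddress

# Assumed values for this sketch; none of them come from the post.
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def address_domain(address):
    """Lower-cased domain of an envelope address; '' for the null sender <>."""
    addr = address.strip().strip("<>")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_internal(client_ip):
    """True when the connecting client sits on one of the internal networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)


def decide(client_ip, authenticated, mail_from, rcpt_to):
    """Return the SMTP policy decision for one MAIL FROM / RCPT TO pair."""
    trusted = authenticated or is_internal(client_ip)
    if trusted:
        # Own users (internal network or SMTP AUTH) may send anywhere.
        return "accept"
    if address_domain(rcpt_to) not in LOCAL_DOMAINS:
        # Untrusted client, foreign recipient: never relay.
        return "reject: relay denied"
    if address_domain(mail_from) in LOCAL_DOMAINS:
        # Untrusted client claiming to be one of our own senders.
        return "reject: local sender from unauthenticated external client"
    # Ordinary inbound mail from the outside world.
    return "accept"


# Constructed sample sessions: (client IP, authenticated, MAIL FROM, RCPT TO)
SESSIONS = [
    ("10.1.2.3", False, "<alice@example.com>", "<bob@partner.test>"),
    ("203.0.113.9", True, "<alice@example.com>", "<bob@partner.test>"),
    ("203.0.113.9", False, "<carol@partner.test>", "<alice@example.com>"),
    ("203.0.113.9", False, "<ceo@example.com>", "<alice@example.com>"),
    ("203.0.113.9", False, "<x@partner.test>", "<y@other.test>"),
]

if __name__ == "__main__":
    for session in SESSIONS:
        print(session, "->", decide(*session))
```

The check covers the SMTP envelope sender (`MAIL FROM`) only, not the `From:` header inside the message.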