This forum is dedicated to answering AbleCommerce 7.0 questions about PCI certification and compliance.
2 posts • Page 1 of 1
Having an open SMTP relay is a violation of PCI. If computers DHCP are sending SMTP through a server web app that sends it from the computers IP Address to the SMTP server it would be hard to lock down to IP addresses. For PCI compliance can you lock the SMTP relay down to subnets, or is SMTP authentication required or both.
You can lock SMTP relay down to your local network, sure. It would be wise to both restrict the SMTP server to your local network as well as require SMTP authentication.