Answers in-line.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: Johnny Yeo [mailto:johnny@xxxxxxxxxx]
Sent: Wednesday, May 19, 2004 7:49 PM
To: [ExchangeList]
Subject: [exchangelist] Question on article: Using Mail Relays to Enhance Exchange Security

Hi All,

This is my first time using the MSExchange.org Email Discussion List. I hope I do it right ;)

I have a few questions with regards to the article: Using Mail Relays to Enhance Exchange Security

1. Don't forget the mail relay! Make sure that you secure the mail relay as much as possible, install new security related patches, etc. One of the perks of having a mail relay is that you can reboot it more often than you could an Exchange Mailbox server. Linux is no more secure than Windows and more difficult to manage, so make sure you have the knowledge to handle it if you choose Linux as your solution.

* From the article I understand that my mail relay server is placed in the DMZ while my Exchange 2003 server is placed in the trusted zone. Assuming that the MX record is pointing only to the mail relay server, what will happen to my e-mails when I reboot the mail relay server?

According to the RFC, the sending mail server tries to connect to the MX record of the receiving domain. If it cannot connect to one, it should retry for at least 24 hours, normally 48 hours, unless it receives a reason not to retry.

2. Don't over-do your junk e-mail detection or you'll be fishing out deleted e-mails from your mail relay forever. Better choose a solution that blocks some junk mail at the mail relay level, and the rest at the server level, delivering suspected mail to a folder in the users' mailbox.

* Ok

3. Using a different anti-virus at the mail relay level than the one you use internally can lessen the chances of infections.

* Ok

4. Usually backing up mail relays is not really required, but when your Exchange server is unavailable due to maintenance, an internal virus outbreak or a firewall problem, you should be able to back up your mail relay so that a sudden crash doesn't take all your mail away.

* Ok

5. Monitor your mail relay queue to find out if there is a problem sooner rather than later.

* Possible problem could be: Mail being relayed to other domain?

More likely incoming spam to non-existent users.

6. If you have POP3/SMTP clients, use the mail relay as an outgoing mail server instead of Exchange. This allows you to uncheck the SMTP authentication checkbox of the Exchange SMTP virtual server Relay options that is used by Trojan attacks. Trojans hijack username and password on workstations using various methods. They use this information to authenticate to the Exchange SMTP virtual server. Then they spoof the mail so that it appears as if it is coming from a valid IP for a large Internet E-mail supplier. However, if you uncheck this option, regular SMTP clients that you might find in most large enterprises (for example, UNIX and Mac clients) will not be able to use Exchange to send mail. This is quite alright as your mail relay can be configured for this purpose.

* The mail relay server that I use is from Trend Micro. Specifically, I am using the Viruswall to relay the mails to my domain, which is Delteq.biz. When my POP3/SMTP clients point to Delteq.biz as an outgoing server, they can only deliver mail to the Delteq.biz domain, but not to external domains. Is there a workaround on this matter?

Not sure how you have it set up, but your users should be configured to use Exchange for outgoing, contrary to what that paragraph says. While in theory it presents a good point, there are other methods of protection, such as scanning of all incoming and outgoing messages for spam and viruses.

Thanks in advance!

Regards,
Johnny Yeo
Malaysia
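Points 5 and 6 above boil down to two things worth watching in the relay's own log: inbound spam aimed at non-existent local users, and an authenticated account that suddenly relays to many outside domains (the hijacked-credential pattern the article warns about). The script below is an added example, not from the list post, the article or Trend Micro's product; the log format, domain names, addresses and thresholds are all constructed for illustration.

```python
"""Triage a mail relay SMTP log for the two queue problems discussed above.
Constructed example: the log format and every value in it are made up."""
from collections import Counter, defaultdict

LOCAL_DOMAIN = "example.com"  # assumption: the relay accepts mail for this domain

# Constructed log lines: "<status> auth=<user|-> from=<addr> to=<addr> ip=<client>"
# "rejected" here means the relay refused the recipient as unknown in the local directory.
SAMPLE_LOG = """\
accepted auth=- from=news@partner.example to=alice@example.com ip=203.0.113.5
rejected auth=- from=bulk@spam.example to=zzq1@example.com ip=198.51.100.9
rejected auth=- from=bulk@spam.example to=zzq2@example.com ip=198.51.100.9
rejected auth=- from=bulk@spam.example to=zzq3@example.com ip=198.51.100.9
accepted auth=bob from=bob@example.com to=carol@example.com ip=10.0.0.12
accepted auth=bob from=bob@example.com to=x1@mail.example ip=10.0.0.12
accepted auth=bob from=bob@example.com to=x2@web.example ip=10.0.0.12
accepted auth=bob from=bob@example.com to=x3@isp.example ip=10.0.0.12
"""


def parse(line):
    """Turn one constructed log line into a dict of its key=value fields."""
    status, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["status"] = status
    return rec


def triage(log, local_domain=LOCAL_DOMAIN, unknown_rcpt_limit=3, ext_domain_limit=3):
    """Return (ips, users): client IPs that hit the unknown-recipient limit, and
    authenticated accounts that relayed to at least ext_domain_limit outside domains."""
    unknown_hits = Counter()            # client IP -> rejected unknown local recipients
    ext_domains = defaultdict(set)      # auth user -> distinct external recipient domains
    for line in log.splitlines():
        r = parse(line)
        rcpt_domain = r["to"].rsplit("@", 1)[1]
        if r["status"] == "rejected" and rcpt_domain == local_domain:
            unknown_hits[r["ip"]] += 1
        elif r["auth"] != "-" and rcpt_domain != local_domain:
            ext_domains[r["auth"]].add(rcpt_domain)
    noisy_ips = sorted(ip for ip, n in unknown_hits.items() if n >= unknown_rcpt_limit)
    relaying_users = sorted(u for u, d in ext_domains.items() if len(d) >= ext_domain_limit)
    return noisy_ips, relaying_users


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))  # → (['198.51.100.9'], ['bob'])
```

Feed it the real relay log once the fields are mapped onto its format; a user who appears in the second list is the case where scanning outgoing mail, as suggested above, earns its keep.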