We actually need it for internal and external smtp traffic, but only internal relaying. One of our customers has us send email on their behalf from their domain but relayed from ours. We need that capability to continue; however, the ones we have the problem with are the external entities that are relaying through us maliciously. We are not an open relay site, yet they still get in and relay by smtp/auth.

Is there any way to close the door to pass-through relaying while leaving it open to outbound only and only a specific set of IPs regardless of whether they are authenticated or not?

-----Original Message-----
From: Golden, James [mailto:jgolden@xxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, September 26, 2003 1:52 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question

http://www.MSExchange.org/

If you are using Exchange for internal email only you can turn off relaying. The way we have it set up is our Exchange box doesn't relay at all. If it is going outbound then we put all that SMTP traffic to an MTA (we use sendmail on a Linux box). Our MTA only accepts SMTP traffic from our Exchange server, the firewall and a few specific servers for applications that need to send out SMTP. On top of that, at our firewall level we only allow SMTP to and from the Linux box and no other SMTP traffic is allowed through. We don't have any problems with relaying now that we have this system fully implemented.

I noticed that you said there are some custom apps... In this instance you can set up the sendmail server to accept SMTP traffic from the firewall, and whatever the other machines are, and that's it. This will then deny any other SMTP traffic in your internal network. That should fish them out, so to speak. This will also get around Exchange's authenticated relays.

Hope this helps.

James

"Risk more than others think is safe. Care more than others think is wise. Dream more than others think is practical. Expect more than others think is possible."
-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx]
Sent: Friday, September 26, 2003 8:34 AM
To: [ExchangeList]
Subject: [exchangelist] Relaying question

Per SpamCop and SpamHaus,

"Spammers are taking advantage of weak passwords on systems using smtp/auth and brute force finding name/password combinations that work and then sending spam thru these servers. There are various characteristic footprints for this and one of them is the use of a "from" address of the format bluestallnn@some legit ISP and the "nn" iterates in each successive spam.

bluestelllf@xxxxxxx
bluestellpg@xxxxxxxxxxx
bluestelluf@xxxxxxxxx
"

My question is this: if I uncheck "Allow all computers which successfully authenticate to relay, regardless of the list above", will this effectively stop brute force attacks on weak passwords as far as Exchange is concerned, and what will this break?

I am also taking measures by blocking their entire block of IPs. The ranges are as follows:

211.158.32.0/20
211.158.48.0/21
211.158.80.0/20
219.153.144.0/20
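Added example, not part of the original thread: one way to look for the footprint quoted above (a fixed sender stem with an iterating two-character part, sent through one authenticated account) together with client addresses inside the four ranges listed. The log line format, the account names and the sender domains are constructed assumptions; adapt the regular expression to whatever your SMTP log actually records.

```python
import ipaddress
import re
from collections import defaultdict

# Ranges the original poster listed as blocked.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "211.158.32.0/20", "211.158.48.0/21", "211.158.80.0/20", "219.153.144.0/20")]

# Assumed, constructed log format: "<client-ip> auth=<account> from=<sender>"
LINE = re.compile(r"^(?P<ip>\S+) auth=(?P<acct>\S+) from=(?P<sender>\S+)$")

# Constructed sample; account names and sender domains are hypothetical.
SAMPLE_LOG = """\
211.158.33.7 auth=backup from=bluestelllf@example.net
211.158.34.90 auth=backup from=bluestellpg@example.org
219.153.150.2 auth=backup from=bluestelluf@example.com
192.0.2.10 auth=jsmith from=jsmith@example.com
192.0.2.10 auth=jsmith from=jsmith@example.com
198.51.100.4 auth=billing from=invoices@customer.example
"""

def analyse(log_text, min_variants=3):
    """Return {account: {"rotating_stems": [...], "blocked_ips": [...]}}."""
    stems = defaultdict(lambda: defaultdict(set))  # account -> stem -> suffixes
    blocked_hits = defaultdict(set)                # account -> blocked client IPs
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        local = m["sender"].split("@", 1)[0].lower()
        if len(local) > 2:
            # Footprint: fixed stem plus a two-character part that iterates.
            stems[m["acct"]][local[:-2]].add(local[-2:])
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP literal
        if any(ip in net for net in BLOCKED):
            blocked_hits[m["acct"]].add(str(ip))
    findings = {}
    for acct in sorted(set(stems) | set(blocked_hits)):
        rotating = sorted(s for s, suf in stems.get(acct, {}).items()
                          if len(suf) >= min_variants)
        if rotating or acct in blocked_hits:
            findings[acct] = {"rotating_stems": rotating,
                              "blocked_ips": sorted(blocked_hits.get(acct, ()))}
    return findings

if __name__ == "__main__":
    for account, detail in analyse(SAMPLE_LOG).items():
        print(account, detail)
```

An account that shows up in the result is a candidate for a password reset and a review of whether it needs relay rights at all.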