RE: Relaying question

  • From: "Allen, Chris" <CAllen@xxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 26 Sep 2003 14:10:25 -0400

We actually need it for internal and external smtp traffic, but only
internal relaying. One of our customers has us send email on their
behalf from their domain but relayed from ours. We need that capability
to continue, however, the ones we have the problem with are the external
entities that are relaying through us malicious. We are not an open
relay site, yet they still get in relay by smtp/auth. Is there anyway to
close the door to pass-through relaying while leaving it open to
outbound only and only a specific set of IPs regardless of whether they
are authenticated or not?


-----Original Message-----
From: Golden, James [mailto:jgolden@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 1:52 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question

If you are using exchange for internal email only you can turn off
relaying. The way we have it setup is our exchange box doen's relay at
all. If it is going outbound then we put all that SMTP traffic to a MTA
(we use sendmail on a linux box). Our MTA only accepts smtp traffic from
our exchange server, the firewall and a few specific servers for
applications that need to send out SMTP. On top of that, at our firewall
level we only allow smtp to and from the Linux box and no other SMTP
traffic is allowed through. We don't have any problems with relaying now
that we have this system fully implemented. 

I noticed that you said there are some custom apps... In this instance
you can setup the sendmail server to accept SMTP traffic from the
firewall, and whatever the other machines are and that's it.  This will
then deny any other SMTP traffic in your internal network.  That should
fish them out, so to speak.  This will also get around Exchanges
authenticated relay's.

Hope this helps. 


"Risk more than others think is safe. Care more than others think is
wise. Dream more than others think is practical. Expect more than others
think is possible."

-----Original Message----- 
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 8:34 AM 
To: [ExchangeList] 
Subject: [exchangelist] Relaying question <> 


Per SpamCop and SpamHaus, "Spammers are taking advantage of weak
passwords on systems using smtp/auth and brute force finding
name/password combinations that work and then sending spam thru these
servers. There are various characteristic footprints for this and one of
them is the use of a "from" address of the format bluestallnn@some legit
ISP and the "nn" iterates in each successive spam.




                        bluestelluf@xxxxxxxxx " 


                        My question is this, if I uncheck "Allow all
computers which successfully authenticate to relay, regardless of the
list above", will this effectively stop brute force attacks on weak
passwords as far as exchange is concerned and what will this break?


                        I am also taking measure by blocking their
entire block of IPs. The ranges are as follows: 






List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

Other related posts: