RE: Relaying question

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 26 Sep 2003 15:14:42 -0400

Last I checked, yes.  You can specify by IP address as I recall. I'm not
near a machine to say exactly which setting path that's down but take a
look.
 
One issue you need to be aware of is the relay vs. the accept mail.  You
want to be able to accept mail inbound but not relay to everywhere on the
internet.  Understood.  You want internal users' machines to be able to
relay so as long as they have a particular addr block then you should be
able to manage that.  That won't prevent address spoofing, but it might be
done at the firewall instead.  
 
As for your firewall being allowed, is your firewall passing the
conversation through or is it store-and-forward (running an SMTP daemon of
sorts?)
 
Al

-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 2:10 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question


http://www.MSExchange.org/


We actually need it for internal and external SMTP traffic, but only
internal relaying. One of our customers has us send email on their behalf
from their domain but relayed from ours. We need that capability to
continue; however, the ones we have the problem with are the external
entities that are relaying through us maliciously. We are not an open relay
site, yet they still get in relay by smtp/auth. Is there any way to close the
door to pass-through relaying while leaving it open to outbound only and
only a specific set of IPs regardless of whether they are authenticated or
not?

 

-----Original Message-----
From: Golden, James [mailto:jgolden@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 1:52 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question

 


If you are using Exchange for internal email only you can turn off relaying.
The way we have it set up is our Exchange box doesn't relay at all. If it is
going outbound then we put all that SMTP traffic to an MTA (we use sendmail
on a Linux box). Our MTA only accepts SMTP traffic from our Exchange server,
the firewall and a few specific servers for applications that need to send
out SMTP. On top of that, at our firewall level we only allow SMTP to and
from the Linux box and no other SMTP traffic is allowed through. We don't
have any problems with relaying now that we have this system fully
implemented. 

I noticed that you said there are some custom apps... In this instance you
can set up the sendmail server to accept SMTP traffic from the firewall, and
whatever the other machines are and that's it.  This will then deny any
other SMTP traffic in your internal network.  That should fish them out, so
to speak.  This will also get around Exchange's authenticated relays.

Hope this helps. 

James 

"Risk more than others think is safe. Care more than others think is wise.
Dream more than others think is practical. Expect more than others think is
possible."

-----Original Message----- 
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 8:34 AM 
To: [ExchangeList] 
Subject: [exchangelist] Relaying question  
  
  

                         

Per SpamCop and SpamHaus, "Spammers are taking advantage of weak passwords
on systems using smtp/auth and brute force finding name/password
combinations that work and then sending spam thru these servers. There are
various characteristic footprints for this and one of them is the use of a
"from" address of the format bluestallnn@some legit ISP and the "nn"
iterates in each successive spam.


bluestelllf@xxxxxxx
bluestellpg@xxxxxxxxxxx
bluestelluf@xxxxxxxxx "

My question is this: if I uncheck "Allow all computers which successfully
authenticate to relay, regardless of the list above", will this effectively
stop brute force attacks on weak passwords as far as Exchange is concerned,
and what will this break?

I am also taking measures by blocking their entire block of IPs. The ranges
are as follows:

211.158.32.0/20
211.158.48.0/21
211.158.80.0/20
219.153.144.0/20

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
callen@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 
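
Added example, not part of the original thread and not Exchange or sendmail code: a small Python model of the accept-versus-relay decision discussed above, showing what changes when authenticated clients are no longer allowed to relay regardless of the IP list. The local domain, the relay list entries and the function names are hypothetical; the blocked ranges are the four listed in the original question.

```python
import ipaddress

# Constructed values for illustration; substitute your own domains and hosts.
LOCAL_DOMAINS = {"example.com"}                  # domains we accept mail for
RELAY_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8",       # hypothetical internal address block
    "192.0.2.25/32",    # hypothetical application server
)]
# The four ranges listed in the original question.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "211.158.32.0/20", "211.158.48.0/21",
    "211.158.80.0/20", "219.153.144.0/20",
)]


def smtp_decision(client_ip, rcpt_to, authenticated, auth_may_relay):
    """Return the action this policy takes for one RCPT TO.

    auth_may_relay models the "Allow all computers which successfully
    authenticate to relay, regardless of the list above" checkbox.
    The sender (From) address is never consulted, so this policy does
    nothing about address spoofing.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in BLOCKED_NETS):
        return "reject: blocked network"
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "accept: inbound mail for a local domain"
    if any(ip in net for net in RELAY_NETS):
        return "relay: client is on the relay list"
    if authenticated and auth_may_relay:
        return "relay: authenticated client"
    return "reject: relaying denied"


def compare_checkbox(client_ip, rcpt_to, authenticated):
    """Decisions with the checkbox ticked and unticked, as a tuple."""
    return tuple(smtp_decision(client_ip, rcpt_to, authenticated, flag)
                 for flag in (True, False))


if __name__ == "__main__":
    # Constructed cases: external authenticated client, inbound mail, internal host.
    for case in [("203.0.113.9", "someone@elsewhere.test", True),
                 ("203.0.113.9", "user@example.com", False),
                 ("10.1.2.3", "someone@elsewhere.test", False)]:
        print(case, compare_checkbox(*case))
```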
