RE: Relaying question

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 28 Sep 2003 09:52:02 -0500

Hi Ken,
 
Then what you need to do is put an SMTP spam whacking relay in front of the 
SMTP server thatâs posing the problem for you. The spam whacking SMTP relay 
will block the spam messages from going outbound before they have a chance of 
doing any damage. Depending on the spam whacking software you use, you can even 
be notified of the event and start legal actions against the spammer in less 
than an hour â
 
HTH,
Tom
 
Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 
________________________________________
From: KEN MORRIS [mailto:KMORRIS@xxxxxxx] 
Sent: Friday, September 26, 2003 12:33 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question
 
http://www.MSExchange.org/
Chris,
I have been having the same problems.... But unchecking that has not stopped 
our users from relaying. The problem being once they have a user/pswd (which I 
think is my case), they can still get in and set up more spamming anytime. I 
have had to freeze queues and delete the spam messages in order to try to keep 
it clear.
So while this may appear as a fix, it will depend on how malicious they want to 
be.
Ken
-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx]
Sent: Friday, September 26, 2003 1:25 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question
http://www.MSExchange.org/
According to Microsoft, my exchange is secure. We are not an open relay and in 
theory we should have no worries. However, the type of relaying going on here 
is malicious. It is a brute force attack on our user-base and not a simple IP 
spoof. The relay options in system manager are to allow all relay traffic 
except for the following. Then we have added the internal IP of our firewall as 
the exception since it nats all traffic including SMTP. Therefore, if someone 
wanted to relay, their email would appear to be from the internal NIC of the 
firewall and would be stopped. However, the checkbox at the bottom of this same 
screen says, âAllow all computers which successfully authenticate to relay, 
regardless of the list above". Therefore, when they manage to get a 
user/password that works, it doesnât matter where it comes from, they will 
get relayed. What will happen if I uncheck this box? Will true internal users 
still be able to relay? Will external relay be stopped using the smtp/Auth 
method? These are the questions I cannot find answers to. Any help would be 
appreciated. Thanks.

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 09-2003