RE: Relaying question

  • From: "Golden, James" <jgolden@xxxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 26 Sep 2003 13:51:34 -0400

If you are using Exchange for internal email only you can turn off relaying.
The way we have it set up is our Exchange box doesn't relay at all. If it is
going outbound then we put all that SMTP traffic to an MTA (we use sendmail
on a Linux box). Our MTA only accepts SMTP traffic from our Exchange server,
the firewall and a few specific servers for applications that need to send
out SMTP. On top of that, at our firewall level we only allow SMTP to and
from the Linux box and no other SMTP traffic is allowed through. We don't
have any problems with relaying now that we have this system fully
implemented.

I noticed that you said there are some custom apps... In this instance you
can set up the sendmail server to accept SMTP traffic from the firewall and
whatever the other machines are, and that's it. This will then deny any
other SMTP traffic in your internal network. That should fish them out, so
to speak. This will also get around Exchange's authenticated relays.

Hope this helps.

James

"Risk more than others think is safe. Care more than others think is wise.
Dream more than others think is practical. Expect more than others think is
possible."

-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 8:34 AM
To: [ExchangeList]
Subject: [exchangelist] Relaying question  

http://www.MSExchange.org/

Per SpamCop and SpamHaus, "Spammers are taking advantage of weak passwords
on systems using smtp/auth and brute force finding name/password
combinations that work and then sending spam through these servers. There are
various characteristic footprints for this and one of them is the use of a
"from" address of the format bluestallnn@some legit ISP and the "nn"
iterates in each successive spam.

    bluestelllf@xxxxxxx
    bluestellpg@xxxxxxxxxxx
    bluestelluf@xxxxxxxxx"


My question is this: if I uncheck "Allow all computers which successfully
authenticate to relay, regardless of the list above", will this effectively
stop brute force attacks on weak passwords as far as Exchange is concerned,
and what will this break?

I am also taking measures by blocking their entire block of IPs. The ranges
are as follows:

    211.158.32.0/20
    211.158.48.0/21
    211.158.80.0/20
    219.153.144.0/20
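The three signals the question above is built on (a run of SMTP AUTH failures from one source followed by a success, the iterating "bluestellnn@" sender footprint quoted from SpamCop/SpamHaus, and connections from the four listed netblocks) can be checked mechanically against an SMTP log. The following Python is an added example and is not code from this thread or from Exchange; the one-line log format, the sample log lines, the `bluestell` stem used for the footprint regex, and the failure threshold of 5 are all assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Netblocks listed in the original question.
BLOCKED_NETS = [ipaddress.ip_network(cidr) for cidr in (
    "211.158.32.0/20", "211.158.48.0/21",
    "211.158.80.0/20", "219.153.144.0/20",
)]

# Sender footprint described by SpamCop/SpamHaus: a fixed stem followed by two
# letters that change from message to message. The stem is assumed from the
# addresses quoted in the post.
FOOTPRINT = re.compile(r"^bluestell[a-z]{2}@", re.IGNORECASE)

# Assumed number of AUTH failures from one source before we call it brute force.
AUTH_FAIL_THRESHOLD = 5

# Constructed sample log, NOT real Exchange output. Assumed one-line format:
#   <client-ip> <event> <detail>
# where event is AUTH-FAIL / AUTH-OK (detail = account name) or MAIL-FROM
# (detail = envelope sender).
SAMPLE_LOG = """\
211.158.33.7 AUTH-FAIL jsmith
211.158.33.7 AUTH-FAIL jsmith
211.158.33.7 AUTH-FAIL jsmith
211.158.33.7 AUTH-FAIL jsmith
211.158.33.7 AUTH-FAIL jsmith
211.158.33.7 AUTH-OK jsmith
211.158.33.7 MAIL-FROM bluestellaa@example.net
211.158.33.7 MAIL-FROM bluestellab@example.net
10.0.0.25 AUTH-OK appsvc
10.0.0.25 MAIL-FROM alerts@example.com
219.153.150.4 MAIL-FROM bluestellzz@example.org
198.51.100.9 AUTH-FAIL bob
"""


def in_blocked_range(ip):
    """True if the client address falls inside one of the listed netblocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETS)


def parse_line(line):
    """Split a log line into (ip, event, detail); None for blank or malformed lines."""
    parts = line.split(None, 2)
    if len(parts) != 3:
        return None
    return parts[0], parts[1], parts[2].strip()


def analyze(log_text, threshold=AUTH_FAIL_THRESHOLD):
    """Scan log text and return the sources/accounts/senders matching each signal."""
    fails = defaultdict(int)   # ip -> AUTH failures seen so far
    cracked = set()            # accounts that logged in after a run of failures
    footprint = []             # (ip, sender) pairs matching the spam footprint
    blocked = set()            # client ips inside the listed netblocks
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, event, detail = rec
        if in_blocked_range(ip):
            blocked.add(ip)
        if event == "AUTH-FAIL":
            fails[ip] += 1
        elif event == "AUTH-OK":
            # A success following a run of failures from the same source is the
            # "weak password found by brute force" pattern from the post.
            if fails[ip] >= threshold:
                cracked.add(detail)
        elif event == "MAIL-FROM" and FOOTPRINT.match(detail):
            footprint.append((ip, detail))
    brute = {ip for ip, n in fails.items() if n >= threshold}
    return {
        "brute_force_sources": brute,
        "suspected_cracked_accounts": cracked,
        "footprint_senders": footprint,
        "blocked_range_sources": blocked,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {sorted(value)}")
```

The `suspected_cracked_accounts` set is the one worth acting on first: it lists accounts whose password was accepted only after a burst of failures from the same client, which is exactly the case that unchecking the "allow all computers which successfully authenticate to relay" option is meant to cut off. Netblock matching uses the standard `ipaddress` module, so the ranges can be swapped for whatever the current SpamHaus listing gives.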
