RE: Relaying question

• From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
• To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
• Date: Fri, 26 Sep 2003 10:20:24 -0400

Have you considered having a look at the information on this subject at
www.microsoft.com/security <http://www.microsoft.com/security>  ?
 
There are some articles that discuss how to secure your server that also
talks about the trade-offs that go with it.  Although Tom's idea of fun is a
little skewed ;) you can hurt yourself if you make the changes without a
full understanding of what you are doing and what it's effects will be.  
 
 
ajm

-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 9:54 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question


http://www.MSExchange.org/


The problem is, I need to allow relay internally. I have various custom apps
that the users need to email a client upon completion of a workorder. They
each do over 500 a day and automation is the only way to do this
effectively. So, if I shut off the checkbox in question, will the internal
IPs still be able to relay?

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 9:50 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Relaying question

 

http://www.MSExchange.org/

Hi Chris,

 

Yes. If you don't allow relay, then the server will not relay. You can also
do other things like prevent the machine from resolving Internet host names
(just for fun).

 

HTH,

Tom

 

Thomas W Shinder

 <http://www.isaserver.org/shinder> www.isaserver.org/shinder 

ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> 

Configuring ISA Server:  <http://tinyurl.com/1llp> http://tinyurl.com/1llp

 

-----Original Message-----
From: Allen, Chris [mailto:CAllen@xxxxxxxxxxxxxxxx] 
Sent: Friday, September 26, 2003 8:34 AM
To: [ExchangeList]
Subject: [exchangelist] Relaying question

http://www.MSExchange.org/

 

Per SpamCop and SpamHaus, "Spammers are taking advantage of weak passwords
on systems using smtp/auth and brute force finding name/password
combinations that work and then sending spam thru these servers. There are
various characteristic footprints for this and one of them is the use of a
"from" address of the format bluestallnn@some legit ISP and the "nn"
iterates in each successive spam.

 

bluestelllf@xxxxxxx

bluestellpg@xxxxxxxxxxx

bluestelluf@xxxxxxxxx "

 

My question is this, if I uncheck "Allow all computers which successfully
authenticate to relay, regardless of the list above", will this effectively
stop brute force attacks on weak passwords as far as exchange is concerned
and what will this break?

 

I am also taking measure by blocking their entire block of IPs. The ranges
are as follows:

 

211.158.32.0/20

211.158.48.0/21

211.158.80.0/20

219.153.144.0/20

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
callen@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
al.mulnick@xxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts:

• » Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question
• » RE: Relaying question

1. Home
2. exchangelist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---