[Dshield] Open relays

Johannes B. Ullrich jullrich at sans.org
Fri Apr 9 13:48:21 GMT 2004

> Would an SMTP server behind a simple NAT'd firewall, open for internal
> use, be considered an open relay for the outside world?

My definition of open relay: A mail server that will relay 
mail from arbitrary senders to any recipient.

There are many ways to avoid this. Looks like in your case,
the purpose of the mail server is to allow your internal users
to send mail to the outside. In this case, it should be trivial
to configure the mail server to only accept connections from the
internal LAN. 

Look at your firewall/router as the extra layer of protection that
will safe your but if the configuration is wrong...

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040409/0a115016/attachment.bin

More information about the list mailing list