[Dshield] Spam 101 Question
areust at comcast.net
Sun Aug 7 00:34:17 GMT 2005
If you need to send "Broadcast Mail" there are better ways... If this is
Not an Active Gateway or Email Server turn it OFF! Just unplug the network
cable... Then start sorting problems...
You defined that you are using the IIS SMTP engine to do the job of a Mail
Server... This have been full of holes since the Option Pack under NT 4.0.
It can be done but you have to pay particular attention about what it
accepts and what it rejects...
Yes I know that many gateway's for Exchange use an IIS SMTP engine... You
have to be very careful that it know that anything "Outbound" comes only
from IP 123.456.789.012 with a netmask of 255.255.255.255 That would say
that IP ONLY! You can also say reject "Inbound" from 126.96.36.199 and tell it
a CIDR block of /8 this gets stored in the metabase... Thus the connections
get rejected for IP's other than the approved specific IP.. So if you do
not care about the World Inbound, Block connections from the World Inbound!
Yes see the thread as to why Blocking IP thread... It was pointed out that
each decisions to BLOCK a whole Class A means you are losing money one way
or the other...
So with the definitions you supplied... You are probably an open relay...
No Microsoft does not supply a "handy guide" on how to lockdown the IIS
SMTP... Many Gateways that you would install for SPAM Filters use it...
They make changes that are hard to identify...
The Hints would be Technet, and Exchange Open Relay... It provides a
handful of information...
Then use SANS checks for an Open Relay to test... You should also have a
smarter telnet program that would make it easier to test for what you would
expect for responses...
If you are just sending a Newsletter and have a valid email server to use
then Consider BLAT... Google is your friend... It is scriptable and it can
attach inline the message/attachments and more that you want to send... IF
the script is correct you can use it to send logs and many other things...
In the mean time turn off/stop IIS SMTP! The other thing would be only turn
it on when you use it.. then turn it back off...
Sorry I do not have all my configuration notes handy... It can be done with
At 10:35 AM 8/5/2005 -0400, you wrote:
>I have begun using a script cobbled together from samples I found on
>Microsoft's Web site to e-mail the library's newsletter to individual
>recipients using my local SMTP service (Windows Server 2003/IIS 6.0). I used
>the script twice in the last week and a half, sending around 300 messages
>each time. In the same period I have received about 900 returned mails,
>bounced spam with my originating e-mail address in the From: field. A random
>sample indicates the spam originated in Korea.
>How (why?) did this happen, and is it my fault? Can I do anything to stop
>I can provide headers, and the script, too, if that would help. If there is
>a more appropriate forum in which to address my questions, please feel free
>to refer me there.
>Technology Services Librarian
>Groton Public Library
>Groton, MA 01450
>jpike at gpl.org
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see:
More information about the list