[Dshield] Exchange Open Relay

Christophe Rome asrgchr at yahoo.com
Mon Mar 6 15:30:47 GMT 2006


--- Abuse <abuse at what4now.com> wrote:

> > and that we need to stop bouncing undeliverables?
>
> The best thing to do is reject the bad email while in the SMTP transaction.
> Accepting an email then creating a bounce message to the FROM address is bad
> news especially with spam and viruses.

1) I can understand that. This raises some questions,
however. The mail servers behind our domain's MX
records are pure relay servers. All they do is relay to
the correct internal mail server. They know what
domains are internal to them but they have no clue of
what email addresses reside on these domains. So there's
no way (currently) that they could terminate the SMTP
connection upon checking the RCPT TO input.
Are there others in this situation? I guess I could do
a lookup in my directory to check if the email address
really exists internally but wouldn't that open the
door to directory harvest attacks? I know you could
slow this down using a technique called 'tarpitting'
but what's next? Please share your experiences if
any...

2) I thank you all for the great and constructive
replies but this topic has gone too much in the
direction of whether OOO replies are a good or bad
thing. That is a different topic. Some admins must
live with the fact that OOO replies need to be enabled
for outside use. So please don't question that in the
replies. 

Kind regards,

Christophe.
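
One way a relay could combine the RCPT TO directory check with tarpitting and a per-client cap on unknown recipients, as an added example that is not part of the original post. The class name, thresholds and sample addresses are assumptions chosen for illustration; a real relay would apply the returned delay before sending its SMTP reply.

```python
import time
from collections import defaultdict, deque

# Constructed sample data: addresses the relay has synced from the internal directory.
VALID_RCPTS = {"alice@example.com", "bob@example.com"}

WINDOW = 300       # seconds over which unknown recipients are counted (assumed)
TARPIT_AFTER = 3   # unknown recipients before replies are delayed (assumed)
BLOCK_AFTER = 10   # unknown recipients before the client is refused (assumed)
MAX_DELAY = 30     # upper bound on the tarpit delay, in seconds (assumed)


class RcptPolicy:
    """Decides the SMTP reply for each RCPT TO, tracking failures per client IP."""

    def __init__(self, valid, clock=time.monotonic):
        self.valid = {a.lower() for a in valid}
        self.clock = clock
        self.failures = defaultdict(deque)  # client IP -> times of unknown RCPTs

    def _recent(self, ip):
        # Drop failures that have aged out of the counting window.
        q = self.failures[ip]
        cutoff = self.clock() - WINDOW
        while q and q[0] < cutoff:
            q.popleft()
        return q

    def check(self, ip, rcpt):
        """Return (smtp_code, text, delay_seconds) for one RCPT TO."""
        q = self._recent(ip)
        if len(q) >= BLOCK_AFTER:
            # Same answer for valid and invalid addresses: nothing more to learn.
            return 421, "4.7.0 Too many unknown recipients, try later", 0
        # The delay depends only on past failures, so reply timing does not
        # reveal whether this particular address exists.
        delay = 0
        if len(q) >= TARPIT_AFTER:
            delay = min(2 ** (len(q) - TARPIT_AFTER), MAX_DELAY)
        if rcpt.strip("<>").lower() in self.valid:
            return 250, "2.1.5 Recipient OK", delay
        q.append(self.clock())
        return 550, "5.1.1 User unknown", delay


if __name__ == "__main__":
    policy = RcptPolicy(VALID_RCPTS)
    for addr in ["<alice@example.com>"] + ["<guess%d@example.com>" % i for i in range(5)]:
        print(addr, policy.check("192.0.2.10", addr))
```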
