[Dshield] Exchange Open Relay
ajnevman at yahoo.com
Mon Mar 6 16:00:20 GMT 2006
The topic did change from what it was about originally, we are getting hammered and our Admins are at somewhat of a lost, the customer wants us to configure Symantec SMTP for exchange , but we disabled it from the mailservers because it was explicitly deny in its configs and was starting to block good stuff
We are tossing around the idea of placing some kind of spam gateway or subscribing to some sort of DNSBL to block this stuff.
In any event thanks for the response at least OoO responses was a topic that I was interesting
Christophe Rome <asrgchr at yahoo.com> wrote:
--- Abuse wrote:
> > and that we need to stop bouncing undeliverables?
> The best thing to do is reject the bad email while
> in the SMTP transaction.
> Accepting an email then creating a bounce message to
> the FROM address is bad
> news especially with spam and viruses.
1) I can understand that. This raises some questions
however. The mailservers behind our domain's MX
records are pure relayservers. All they do is relay to
the correct internal mailserver. They know what
domains are internal to them but they have no clue of
what emailadresses reside on these domains. So there's
no way (currently) that they could terminate the SMTP
connection upon checking the RCPT TO input.
Are there others in this situation? I guess I could do
a lookup in my directory to check if the emailaddress
really exists internally but wouldn't that open the
door to directory harvest attacks? I know you could
slow this down using a technique called 'tarpitting'
but what's next? Please share your experiences if
2) I thank you all for the great and constructive
replies but this topic has gone too much in the
direction of whether OOO replies are a good or bad
thing. That is a different topic. Some admins must
live with the fact that OOO replies need to be enabled
for outside use. So please don't question that in the
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
Learn about Intrusion Detection in Depth from the comfort of your own couch:
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
Bring photos to life! New PhotoMail makes sharing a breeze.
More information about the list