[Dshield] Exchange Open Relay

Arthur Neville ajnevman at yahoo.com
Mon Mar 6 16:00:20 GMT 2006


Thank You
  The topic did change from what it was about originally. We are getting hammered and our admins are at somewhat of a loss. The customer wants us to configure Symantec SMTP for Exchange, but we disabled it from the mail servers because it was explicitly deny in its configs and was starting to block good stuff.
  We are tossing around the idea of placing some kind of spam gateway or subscribing to some sort of DNSBL to block this stuff.
  In any event, thanks for the response. At least OoO responses were a topic that I was interested in.
  Thanks
  Arthur 
   
  

Christophe Rome <asrgchr at yahoo.com> wrote:
  
--- Abuse wrote:

> > and that we need to stop bouncing undeliverables?
> 
> The best thing to do is reject the bad email while
> in the SMTP transaction. 
> Accepting an email then creating a bounce message to
> the FROM address is bad
> news especially with spam and viruses.

1) I can understand that. This raises some questions
however. The mail servers behind our domain's MX
records are pure relay servers. All they do is relay to
the correct internal mail server. They know what
domains are internal to them but they have no clue of
what email addresses reside on these domains. So there's
no way (currently) that they could terminate the SMTP
connection upon checking the RCPT TO input. 
Are there others in this situation? I guess I could do
a lookup in my directory to check if the email address
really exists internally but wouldn't that open the
door to directory harvest attacks? I know you could
slow this down using a technique called 'tarpitting'
but what's next? Please share your experiences if
any...

2) I thank you all for the great and constructive
replies but this topic has gone too much in the
direction of whether OOO replies are a good or bad
thing. That is a different topic. Some admins must
live with the fact that OOO replies need to be enabled
for outside use. So please don't question that in the
replies. 

Kind regards,

Christophe.
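
Added example, not part of the original thread: a sketch of the RCPT TO decision a relay could make when it rejects unknown recipients inside the SMTP transaction, tarpits repeated misses and closes the session after too many, which limits directory harvesting. The address list, thresholds and function names are hypothetical, and the sample addresses are constructed.

```python
from dataclasses import dataclass

# Constructed sample data: addresses exported from the internal directory.
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}
LOCAL_DOMAINS = {"example.com"}

TARPIT_AFTER = 2    # unknown recipients tolerated before delays start
TARPIT_STEP = 5.0   # seconds added for each further unknown recipient
MAX_UNKNOWN = 5     # close the session at this many unknown recipients

@dataclass
class Session:
    """Per-connection state kept by the relay."""
    client_ip: str
    unknown: int = 0

def rcpt_to(session, address):
    """Return (smtp_code, text, delay_seconds) for one RCPT TO command.
    The caller waits delay_seconds before sending the reply (the tarpit)."""
    addr = address.strip().lower()
    domain = addr.rpartition("@")[2]
    if domain not in LOCAL_DOMAINS:
        # Not one of our domains: refuse, so the host is never an open relay.
        return 550, "5.7.1 Relaying denied", 0.0
    if addr in VALID_RECIPIENTS:
        return 250, "2.1.5 Recipient OK", 0.0
    # Unknown local recipient: rejected in-session, so no bounce is generated.
    session.unknown += 1
    if session.unknown >= MAX_UNKNOWN:
        return 421, "4.7.0 Too many unknown recipients, closing", 0.0
    delay = max(0, session.unknown - TARPIT_AFTER) * TARPIT_STEP
    return 550, "5.1.1 User unknown", delay

def replay(client_ip, recipients):
    """Run a list of RCPT TO addresses through one session."""
    session = Session(client_ip)
    replies = []
    for rcpt in recipients:
        reply = rcpt_to(session, rcpt)
        replies.append(reply)
        if reply[0] == 421:   # relay drops the connection here
            break
    return replies

if __name__ == "__main__":
    guesses = [f"guess{i}@example.com" for i in range(8)]
    for code, text, delay in replay("192.0.2.10", guesses):
        print(f"wait {delay:4.1f}s -> {code} {text}")
```

A single mistyped address costs a legitimate sender nothing, while a client guessing addresses gets slower replies and then loses the connection.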
