[Dshield] Exchange Open Relay

David Cary Hart DShield at TQMcube.com
Mon Mar 6 17:25:08 GMT 2006

On Mon, 6 Mar 2006 08:00:20 -0800 (PST)
Arthur Neville <ajnevman at yahoo.com> opined:
> Thank you.
>   The topic did change from what it was about originally. We are
> getting hammered and our Admins are at somewhat of a loss. The
> customer wants us to configure Symantec SMTP for Exchange, but we
> disabled it from the mailservers because it was explicitly deny in
> its configs and was starting to block good stuff. We are tossing
> around the idea of placing some kind of spam gateway or subscribing
> to some sort of DNSBL to block this stuff. In any event, thanks for
> the response; at least OoO responses was a topic that I was
> interested in. Thanks, Arthur

I have seen terribly unexpected results from Symantec. The best bet
MIGHT be to use a *nix box running Postfix as a gateway. PF is a
whole lot easier to administrate than sendmail (if I can - anyone

Spamhaus does not include backscatter, challenges or autoreplies.
SORBS has some. AHBL adds backscatter. We include all three as we get
them. That said, this is resolved better locally (IMHO).

1. Reject all non-local mail from "<>"
2. RegEx header checks can reject all OoO and C/R challenges as well
as non-local NDRs that do not originate from <>

Please make sure that you 55x these. In other words, don't bounce the
stuff and then add to the detritus. 
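
The two rules and the "55x, don't bounce" advice above, sketched as an added example that is not part of the original post or of any product it names. It assumes "local" means the connecting client is inside a configured network; the function names, networks and header patterns are hypothetical and constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Assumption: "local" = the connecting client is inside one of these networks.
LOCAL_NETS = [ip_network("10.0.0.0/8"), ip_network("127.0.0.0/8")]

# Constructed, illustrative patterns; tune them against your own mail flow.
HEADER_RULES = [
    ("out-of-office/autoreply", re.compile(
        r"^(Auto-Submitted:\s*auto-replied"
        r"|Subject:.*\b(out of (the )?office|auto-?reply)\b)", re.I)),
    ("challenge/response", re.compile(
        r"^Subject:.*\b(confirm (your|this) message|verify your (e-?mail|address))\b",
        re.I)),
    ("NDR", re.compile(
        r"^(Subject:.*\b(undeliverable|delivery status notification|returned mail)\b"
        r"|Content-Type:.*report-type=delivery-status)", re.I)),
]

def is_local(client_ip):
    addr = ip_address(client_ip)
    return any(addr in net for net in LOCAL_NETS)

def smtp_verdict(client_ip, mail_from, raw_headers):
    """Return the reply to give while the SMTP session is still open."""
    if is_local(client_ip):
        return "250 2.0.0 Ok"
    if mail_from == "<>":                      # rule 1: non-local null sender
        return "550 5.7.1 Null-sender mail not accepted"
    # Rule 2: anything reaching this point has a non-null sender, so an NDR
    # match here is an NDR that does not originate from <>.
    for name, value in message_from_string(raw_headers).items():
        line = f"{name}: {' '.join(value.split())}"   # unfold folded headers
        for label, pattern in HEADER_RULES:
            if pattern.search(line):
                return f"554 5.7.1 Rejected: {label}"
    return "250 2.0.0 Ok"

if __name__ == "__main__":
    # Constructed sample sessions: (client IP, MAIL FROM, headers).
    samples = [
        ("203.0.113.9", "<>", "Subject: Undeliverable: hi\n"),
        ("203.0.113.9", "bob@example.net", "Subject: Out of Office: Re: quote\n"),
        ("203.0.113.9", "alice@example.org", "Subject: Meeting notes\n"),
    ]
    for s in samples:
        print(s[0], s[1], "->", smtp_verdict(*s))
```

Because the verdict is returned inside the SMTP session, the sending server is the one left holding the message; nothing is accepted and bounced later.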
