effective anti-relay solution

[rem736]

hi all,

i had just gotten my email server up and running for about a week now when spammers have broken through my stmp authentication.

i tried changing the password to some 18 letter non-sensical word and they still got through to relay mail.

this led me back to using just the "normal" anti-relay mode, which did the trick. relaying from spammers stopped. this won't stop spam directed at my users, but at least it stops the relaying and helps me from being blacklisted as a spammer.

and i have to question why smtp authorization is considered more secure than the normal mode, since spammers can break authentication so easily? i thought that to make it more secure, smtp authentication mode should work IN CONJUNCTION WITH the "normal" mode, not overide "normal" mode as stated in the help menu.

is there any way that Mercury can check for valid users in "normal" mode AND apply smtp authentication. i realize that this will not take care of those who are able to spoof email addresses of users on my domain, but at least it will take care of the vast majority of spammers who don't use this technique.

 

[rem736]

actually, i just found out that it may not have stopped all relays.

i'm not sure how to properly interpret the live log in three of the modules, SMTP Server, SMTP Client (end-to-end), and the Core Processes module.

i monitored these three during on sitting and noticed the following:

1. SMTP Server shows no activity.
2. SMTP Client (end-to-end) (MercuryE?) shows lots of activity. looks like it's accepting mail for delivery and actually making deliveries.
3. Core Processes module occassionally shows that an email is sent from <> to postmaster and to a supposed unallowed addressee.

i am guessing from this that the relays are still going through, though they don't show up on two of the three modules. is this correct?

isn't it suppose to show up on all three modules when a piece of mail is being delivered?