Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Open Relay - should I be concerned?

Status
Not open for further replies.
Jun 2, 2003
39
US
I've been tasked with deploying iVantage, a software for our HR Dept. One of the requirements is to setup an SMTP virtual server in order to enable routing and alerts from iVantage.
My concern is that this will in fact be akin to having an open relay on my Exchange 2003 mail server which will expose our network to Spam attacks and get our domain black listed.
Are my concerns valid? Should I demand that the vendor comes up with a different solution for enabling alerts or do I worry too much?
Your input is greatly appreciated.
 
Does this iVantage software run locally on your internal network or is it going to be outsourced?
 
Seems like an odd setup - why would iVantage require such a thing? i.e. why couldn't they simply forward alerts, etc to a destination address that you specify?
 

mofusjtf[\b]: iVantage will run locally on my network; in fact I am dedicating a server to this application which depends on SQL Server and IIS in order to work.

texnut[\b]: That's exactly what I was thinking...Their recommendation is to install the SMTP virtual server on the same server where SQL will run (since I am dedicating a server to this thing, all will be running from one machine) and when I objected to this move, they recommended to "secure" the relay by having it receive email only from that particular internal server.

Still, my concern is that IP addresses can be easily spoofed.

What do you think?

Thanks for the input.
 

The concern is whether I am not needlessly creating one more path for possible attacks (like smurf attacks, for example) by having an open relay on my mail server. Injecting packets into the network with forged IP source addresses is but one way to "fool" the relay into thinking that it is accepting mail from legitimate sender.

In your opinion I shouldn't worry about this? I'm getting conflicting opinions and would like to be able to come to an educated decision.
 
I would hardly classify a server that's accepting SMTP email from one INTERNAL address to be an open relay.

You should be fine.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top