Securing SMTP service

Status
Not open for further replies.

verland

MIS
Apr 24, 2002
138
US
My Exchange email service is currently being used illegitimately as a spam relay. This was noticed weeks ago, but we had problems getting the server itself to cut this out, so I modified the Raptors SNMP service properties (in the rule for our email) to only allow email to our domain.

That stopped a lot of spam and allowed us to fail (pass) some 17 relay tests.

However, we are still a relay. It is definitely coming from the outside.



I want to try to lock down the SNMP rules a bit more but don't want to go clicking blindly, so what do these options in SMTP/advanced do?



Loose recipient checks

Loose sender checks



What I want to do is disallow users not using an internal email address to send email. We get messages in our Exchange IMC queue that are from <>.



Neither the online help nor the books we paid $4k for mention the SMTP advanced properties, and I don't even want to get into my call to tech support. Any help is appreciated, thank you.

Further note: we still fail (pass) email relay tests. As far as those go we are fine. But I've got laggy bandwidth and gobs of sniffer logs proving our email server is being abused.
 
A bit of an update: I think a lot of our problems were caused when management decided to clean up a lot of old mailboxes by deleting them, w/o sandboxing the smtp addys. This causes the server to mail out tons of NDR's, waste bandwidth, communicate with spam servers and other spam-esque behavior.

I'm still curious what those options mean however if anyone knows, thanks!
 
to prevent relaying via your server, do the following:

open your SMTP rule
click the services tab
select the smtp protocol
click configure
on the anti spam/relay tab, enter all recipient domains (all email domains used internally).

that's all
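The recipient-domain restriction described in the reply above, written out as an added example that is not part of the thread or of the firewall product's own logic. It assumes the check runs only on connections arriving from outside; the domain names and the `relay_decision` helper are constructed for illustration.

```python
# Assumed internal mail domains (constructed placeholders, not from the thread).
INTERNAL_DOMAINS = {"example.com", "mail.example.com"}

# Characters in a local part that can smuggle a second hop past a
# domain-only check: percent hack, bang path, embedded '@', source route, quotes.
ROUTING_CHARS = set('%!@:"')

def split_address(path):
    """Split an SMTP path such as '<user@example.com>' into (local, domain)."""
    addr = path.strip().strip("<>")
    if not addr:
        return ("", "")          # null reverse-path '<>', used by bounces (NDRs)
    local, sep, domain = addr.rpartition("@")
    if not sep:
        return (addr, "")        # no domain part at all
    return (local, domain.lower().rstrip("."))

def relay_decision(mail_from, rcpt_to, internal=INTERNAL_DOMAINS):
    """Decide whether an envelope arriving from outside is accepted."""
    local, domain = split_address(rcpt_to)
    if domain not in internal:
        return "reject: recipient domain is not ours (relay attempt)"
    if ROUTING_CHARS & set(local):
        return "reject: recipient local part contains routing characters"
    _, sender_domain = split_address(mail_from)
    if sender_domain in internal:
        return "reject: outside host claims an internal sender (spoofed)"
    # A null sender '<>' reaches this point: bounces addressed to internal
    # recipients are legitimate, so they are accepted, never relayed onward.
    return "accept"

def evaluate_samples():
    """Run the policy over constructed sample envelopes."""
    samples = [
        ("<someone@remote.test>", "<user@example.com>"),
        ("<someone@remote.test>", "<target@elsewhere.test>"),
        ("<someone@remote.test>", "<target%elsewhere.test@example.com>"),
        ("<someone@remote.test>", "<@example.com:target@elsewhere.test>"),
        ("<boss@example.com>", "<user@example.com>"),
        ("<>", "<user@example.com>"),
    ]
    return [(m, r, relay_decision(m, r)) for m, r in samples]

if __name__ == "__main__":
    for mail_from, rcpt_to, verdict in evaluate_samples():
        print(f"{mail_from:24} -> {rcpt_to:40} {verdict}")
```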

 
also, under the SMTPD Anti Spam tab you can check the sender domain for spoofing and also use a black hole list to stop known spammers.

bl.spamcop.net and input.orbz.org will work with the blackhole list.

but the best method is to stop that Exchange box from relaying. the Exchange forum here has information on how to stop it.

 
i prefer to stop the relaying at the firewall and not the mail server. this will block it before it reaches the mail server
 
Thanks much for all the help.
I prefer to block them at both, but M$ tech support said we can't or else our IIS stuff won't work.

I tried deliberately breaking things with the IMS relay settings anyway, setting it to only allow clients from an impossible IP address and restarted the service. It would still relay; I guess that Routing Restrictions is just for looks....
 