allowing relaying... security issues
- From: "Brad Pears" <bradp@xxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Mar 2007 16:31:39 -0500
We are using Exchange 2000 on an SBS 2000 machine.
We signed up with Spam Soap - an outside company to provide
incoming/outgoing SMTP mail filtering . As part of their service, you also
configure them as a "smart host". This is configured in the virtual SMTP
Server area - in the advanced options for delivery. Also, in order to have
this work properly, the SMTP Connector we had configured in the 'Connectors'
area also had to be removed.
We have an in-house VB .net application that automatically sends
auto-generated emails. This particular application is configured and running
as a service on a small Win2K server. In the code we send the mail out
using our Exchange 2000 server. This was all working just fine until I
removed the SMTP connector and configured the smart host information in the
SMTPVS area. Once that was done, we were completely unable to auto send any
emails OUTSIDE the company. The error was similiar to the following...
ERR-SendEmail-The server rejected one or more recipient addresses. The
server response was: 550 5.7.1 Unable to relay for {username}@{domainname}.
(Note: We could send email internally using this service no probs - only
messages being sent outside the company domain failed)
Now, the way I was able to resolve this was to allow 'relaying' for the IP
address of the Win2K machine sending these emails via the custom service. I
configured relaying in the Virtual SMTP server settings, Access->Relay
settings. I granted relay access ONLY to the WIn2K machine that is sending
these emails and it works just fine again.
My question is this...In the past I have heard that it is not a good thing
to allow relaying due to the security risks of allowing this. Since I have
now allowed relaying (but only for the one machine) am I now opening us up
to security issues?? Obviously if we need to allow relaying it needs to be
so, but I just wonder how big of a security risk this will really be for
us - keeping in mind the fact that we are sending all mail through a smart
host... I am thinking this configuration should keep us pretty protected
from someone finding and using this machine to send their own emails (i.e
spammers)
What are peoples thoughts on this issue??
Thanks, Brad
.
- Follow-Ups:
- Re: allowing relaying... security issues
- From: John Oliver, Jr. [MVP]
- Re: allowing relaying... security issues
- Prev by Date: Re: DST update for Exchange 2003 and Outlook 2003
- Next by Date: Re: Exchange DST 930879
- Previous by thread: Question on Time zone settings on mailboxes
- Next by thread: Re: allowing relaying... security issues
- Index(es):
Relevant Pages
|
