Re: allowing relaying... security issues
- From: "Brad Pears" <bradp@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 6 Mar 2007 16:01:54 -0500
Perfect, thanks for that. I checked the latter, and I do NOT have the
"allow all who authenticate" box checked - so should be good there...
Thanks again, Brad
"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:91110EF4-11B0-428E-88DB-9D3A3569F00A@xxxxxxxxxxxxxxxx
Brad,
You should be fine with allowing relay to a local IP on your Relay Tab in
your SMTP VS. Be sure that only the list below is checked and the IP of
the local Win2k machine is in the box. I would also uncheck "those who
succesfully authenticate" if you have not POP3 users. I have seen
spammers get authenticated by cracking an account.
--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2007
Microsoft Certified Partner
"Brad Pears" <bradp@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%233AzA12XHHA.208@xxxxxxxxxxxxxxxxxxxxxxx
We are using Exchange 2000 on an SBS 2000 machine.
We signed up with Spam Soap - an outside company to provide
incoming/outgoing SMTP mail filtering . As part of their service, you
also configure them as a "smart host". This is configured in the virtual
SMTP Server area - in the advanced options for delivery. Also, in order
to have this work properly, the SMTP Connector we had configured in the
'Connectors' area also had to be removed.
We have an in-house VB .net application that automatically sends
auto-generated emails. This particular application is configured and
running as a service on a small Win2K server. In the code we send the
mail out using our Exchange 2000 server. This was all working just fine
until I removed the SMTP connector and configured the smart host
information in the SMTPVS area. Once that was done, we were completely
unable to auto send any emails OUTSIDE the company. The error was
similiar to the following...
ERR-SendEmail-The server rejected one or more recipient addresses. The
server response was: 550 5.7.1 Unable to relay for
{username}@{domainname}.
(Note: We could send email internally using this service no probs - only
messages being sent outside the company domain failed)
Now, the way I was able to resolve this was to allow 'relaying' for the
IP address of the Win2K machine sending these emails via the custom
service. I configured relaying in the Virtual SMTP server settings,
Access->Relay settings. I granted relay access ONLY to the WIn2K machine
that is sending these emails and it works just fine again.
My question is this...In the past I have heard that it is not a good
thing to allow relaying due to the security risks of allowing this. Since
I have now allowed relaying (but only for the one machine) am I now
opening us up to security issues?? Obviously if we need to allow relaying
it needs to be so, but I just wonder how big of a security risk this will
really be for us - keeping in mind the fact that we are sending all mail
through a smart host... I am thinking this configuration should keep us
pretty protected from someone finding and using this machine to send
their own emails (i.e spammers)
What are peoples thoughts on this issue??
Thanks, Brad
.
- References:
- allowing relaying... security issues
- From: Brad Pears
- Re: allowing relaying... security issues
- From: John Oliver, Jr. [MVP]
- allowing relaying... security issues
- Prev by Date: Re: Deny emails for Room Mailbox
- Next by Date: Re: IMF now blocking emails with PDF attachments
- Previous by thread: Re: allowing relaying... security issues
- Next by thread: DST and Exchange 5.5
- Index(es):
Relevant Pages
|
