Re: Secure SMTP virtual server from spam mail
- From: "Elton Seng Yan Thung" <sengy01@xxxxxxxxxxxx>
- Date: Thu, 4 Oct 2007 08:41:48 +0800
The ports are SMTP, POP3, IMAP, HTTP and HTTPS. We didn't publish FE as our
MX at public but plubish it as web server for mobile users to access OWA. So
that is the only reference and we can't affort to remove it.
We really have to stop the spam mail from passing through FE, any wish to
get helps from all of you.
thousand thanks
"Betelgeuse" <betelgeuse@xxxxxxxxxxxxxx> wrote in message
news:ut3aS9bBIHA.3900@xxxxxxxxxxxxxxxxxxxxxxx
What ports are open on the FE to the world?
What are you advertising for MX in SMTP? If there is any reference to the
FE, I would remove it and see what happens...
"Elton Seng Yan Thung" <sengy01@xxxxxxxxxxxx> wrote in message
news:OwTKl8WBIHA.4656@xxxxxxxxxxxxxxxxxxxxxxx
Our Exchange 2003 system work with the following configuration.
1. Clustered BE at Internal network service all internal users using
outlook(mapi),
2. 2 FE at DMZ works in NLB mode with the following role as RPCover
HTTPS, OWA\OMA\PUSH MAIL, SMTP\POP\IMAP4 for mobile users outside the
LAN. The FE server is also the Local bridge head.
3. All incoming and outgoing email to through a smart host for Anti spam
and anti virus filtering. The smarthost is a linux with send mail
installed. The smarthost is also our public MX server. (We call it linux
here)
With the above configuration, we though we are free from spam mail.
However we discover recently a lot of spam mail coming via FE server
instead of linux. Since the email coming direct to FE, it didn't go
through Linux for filtering. We have tried the follow way to block but
failed.
1. At SMTP Connector, configure BE and all FE as local bridgeheads.
Forward all mail through this connector to Linux. However the incoming
mail pass through FE still go to mailbox direct.
2. At FE - protocol - SMTP - Acess - relay, we restrict allow relay only
list of computers, remove "allow all computers which successful
authenticate to relay, regardless of the list above". With this setting,
I believe we managed to stop the FE from becoming open relay however it
doesn't stop spam mail from pass through it.
3. At FE - Protocol-SMTP- ACCESS-Authentication, We remove anonymous
access and grant permission to all mobile users. We believe by doing so
we can stop spam mail from passing through FE. However all mobile users
are not able to send email from their outlook express (POP3\SMTP\IMAP4).
At the moment, We can't force our mobile users to migrate their mail
client to Activesyn or RPCoverHTTPS. Hence we have to maintain SMTP
virtiual server at FE. We really need to stop the spam mail from passing
through our FE otherwise the investment of Anti spam\virus Linux will be
failed.
We wish to get some advices from you. Please help.
thanks a lot
.
- Follow-Ups:
- Re: Secure SMTP virtual server from spam mail
- From: Rich Matheisen [MVP]
- Re: Secure SMTP virtual server from spam mail
- References:
- Secure SMTP virtual server from spam mail
- From: Elton Seng Yan Thung
- Re: Secure SMTP virtual server from spam mail
- From: Betelgeuse
- Secure SMTP virtual server from spam mail
- Prev by Date: Message tracking log file
- Next by Date: Re: setting a new exchange 2007 send connector to "*" allows outbound email to work.. good or bad to do?
- Previous by thread: Re: Secure SMTP virtual server from spam mail
- Next by thread: Re: Secure SMTP virtual server from spam mail
- Index(es):
Relevant Pages
|
