Re: Event 4007 Warnings

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 08/19/04 

Date: Thu, 19 Aug 2004 14:08:01 +1000

You should allow unauthenticated relay only for those IP addresses that
reside in your trusted network.

Users who are outside your network (eg "on the road" or at home) should be
required to authenticate -or- use a VPN to tunnel into the external network.

Otherwise, you have no way of knowing which users connecting are legitimate,
and which are using your mail server as a spam relay. Once spammers know
that your machine is an open relay, you'll get blacklisted, and won't be
able to send email out anywhere.

Cheers
Ken

<anonymous@discussions.microsoft.com> wrote in message
news:88e001c48594$50e81ea0$a501280a@phx.gbl...
>I keep getting event 4007 warnings from the smtpsvc. I get
> about 20 or so a day. Here is an example of one of the
> errors:
>
> "Message delivery to the host '209.142.136.72' failed
> while delivering to the remote domain 'freechal.com' for
> the following reaons: An SMTP protocol error occurred.
> The SMTP verb which caused the error is 'MAIL'. The
> response from the remote server is '553 5.3.0 [my mail
> server's IP]ERROR:550 You appear to have an open proxy or
> trojan horse sending spam."
>
> Instead of the response from the remote mail server being
> error 550, most of them just say "Domain of sender address
> <some random email address> does not exist."
>
> I think this means that people are using my server as a
> relay to send spam mail. Is there any way to stop this or
> to at least stop these warnings from popping up all the
> time without requiring authentication before accepting the
> mail? I'd really would hate to have to explain to all my
> users how to turn on the setting for that in their email
> clients. Is that the best course of action though? Thanks.
>
>

Relevant Pages

  • Re: Anti-spam filters
    ... be nice to have a multi-user anti-spam system which can have per-user DB. ... There is no per-user procmailrc, all I use procmail for is to crudely detect mail with dubious attachments and file them in the user's windwoes folder, stuff marked up by spamassassin goes to their spam folder and the rest to inbox. ... My frontline mail server no longer accepts mail to herakles.homelinux.org. ... Therefore, when I'm checking my logs and see an attempt to break in using ssh, or send spam I have no hesitation in blocking the entire network as revealed by whois. ...
    (Fedora)
  • Re: blueyonder decide who can email you
    ... > There are lots of ways by which spammers can sneak spam through nodes ... > of problem for the network access provider which it uses. ... mail server, but given that I teach this stuff... ...
    (uk.telecom.broadband)
  • Re: TCPIP Services for OpenVMS V5.4 ECO1 anti spam feature
    ... Outblaze is known for prompt nuking of spammers or blocking of any spam ... You can not trust the I.P. address that a relay that delivers spam to ... Essentially they are expecting that if the mail server accepted the ...
    (comp.os.vms)
  • Re: Enforce check_relay ruleset
    ... SMTP connection is made to the mail server. ... the relay server is allowed to ... relay to our network ...
    (comp.mail.sendmail)
  • Re: How to SMTP (Email) Server Fedora 6?
    ... all mail to a central mail server, and all users on the network to ... to run on a network machine. ... mail server without specific configuration are gone. ... chances are you have to relay though your ISP's ...
    (Fedora)