Re: More questions on SMTP spam attacks.



On Mon, 14 Apr 2008 12:17:03 -0400, "Sanford Whiteman"
<swhitemanlistens-software@xxxxxxxxxxxxxxxxxxxxx> wrote:

Right from the box, if a user fails to authenticate, SMTP accepts the
message from the user but doesn't send it.

Not if correctly configured. A 550 error will be returned if the
recipient domain is not allowed for relay, and any subsequent DATA command
will be discarded.

What settings have you used to lock down relaying?

--Sandy



------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------

The standard recommended settings:

Authentication

Anonymous (so we can receive emails from other SMTP servers)
Basic (most users)
Integrated Windows Authentication (some users use this)


Relay:

* Only list below (list is empty)

Allow Authenticated computers to relay. (and as we know, an anonymous
user is not an authenticated user...)

Note:

The spammer can't send emails, they don't get relayed, but the sender
is never notified that the attempt fails. There was logic behind that
(it allowed SMTP to mask a userid/password attack, since it never told
that the user's attempt failed!) But now we see the problem that the
spammer connects with bad credentials, and is able to drop his message
to the SMTP server. That ties up bandwidth, and wastes our resources.

I tried an experiment: I blocked the spammer's IP address at the
firewall, and that resulted in the spammer moving to another IP
address. This attack is a botnet for sure, with a controller somewhere
that is telling each bot which SMTP server to try to use. When a bot
finds it cannot access a given server the controller gives that
server's address and info to another bot in an attempt to continue the
spam attack.
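
The two behaviours discussed in this thread (anonymous delivery to local recipients accepted, unauthenticated relay refused with a 5xx reply at RCPT TO) can be checked against your own server with the added example below, which is not code from the thread. It uses Python's standard `smtplib`; the addresses are placeholders, and no DATA command is ever sent.

```python
import smtplib
import sys

def rcpt_code(conn, sender, rcpt):
    """Issue MAIL FROM and RCPT TO without AUTH, then RSET. Returns the deciding reply code."""
    code, _ = conn.mail(sender)
    if code < 400:                      # only try RCPT if MAIL FROM was accepted
        code, _ = conn.rcpt(rcpt)
    conn.rset()                         # abandon the transaction: nothing is queued
    return code

def audit(conn, sender, local_rcpt, external_rcpt):
    """Compare the server's replies with the policy described in the thread."""
    local = rcpt_code(conn, sender, local_rcpt)
    external = rcpt_code(conn, sender, external_rcpt)
    return {
        "local_code": local,
        "external_code": external,
        # Anonymous access exists so other servers can deliver inbound mail.
        "inbound_ok": 200 <= local < 300,
        # A 5xx (typically 550) here means relay is refused before DATA.
        "relay_refused": 500 <= external < 600,
    }

if __name__ == "__main__":
    # Usage: script.py <your-smtp-host> <a-recipient-in-your-own-domain>
    host, local_rcpt = sys.argv[1], sys.argv[2]
    with smtplib.SMTP(host, 25, timeout=15) as conn:
        conn.ehlo()
        # Placeholder addresses in reserved example domains (assumptions).
        result = audit(conn, "relaytest@example.org", local_rcpt,
                       "relaytest@example.net")
    for key, value in result.items():
        print(f"{key}: {value}")
```

If `relay_refused` is false, the server accepted an external recipient from an unauthenticated session and the relay restrictions need another look.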
