Re: More questions on SMTP spam attacks.



> A user comes into my SMTP server, using a userid and password. The
> userid/password is no longer valid (it was at one time, but not
> anymore).
>
> The spammers still come to the SMTP server, and (attempt) to send
> emails. The SMTP server accepts the emails, then bit-buckets them.

That's incorrect. If your session is not authenticated via (valid)
SMTP AUTH credentials or because your session is coming from a
pre-authenticated source IP, IIS will only accept messages for domains
_for which it does not require authentication_. You cannot submit mail
for domains that require authentication before relaying.

That is what "requiring authentication" means, and it occurs during
the original SMTP submission attempt. There is no post-acceptance,
pre-delivery bit-bucketing; IIS SMTP has no such feature. If a message
does get accepted for delivery, it's not a fakeout: it means
authentication was not required for delivery to the recipient domain,
and delivery will indeed be attempted to the recipient domain. If the
recipient turns out to be unreachable, _and the sender is also
unreachable_ for a bounce notification, then mail will be placed in
\Badmail. That is not the same as simply bit-bucketing the original
message. It's the result of a double-bounce.

Don't know what could be leading you to believe that the
authenticated/unauthenticated state is interpreted after submission,
as opposed to during the attempt to submit. True, that state can be
made available to other (3rd-party) anti-spam programs that may
process mail after acceptance and take corresponding action (such as
whitelisting authenticated submissions), but that's not what we're
talking about.

--Sandy


------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------
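
The submission-time behaviour described in the reply above can be checked from the server's own logs. The following is an added example, not part of the original post: it classifies sessions by the reply codes given during submission. The log layout, session ids, addresses and the `trusted_ips` parameter are constructed assumptions, not the IIS SMTP log format.

```python
from collections import defaultdict

# Constructed sample. Columns: session, client IP, SMTP verb, reply code, argument.
# This layout is an assumption for the example, not the IIS SMTP log format.
# The DATA row carries the final reply sent after the message body.
SAMPLE_LOG = """\
s1 203.0.113.7 AUTH 535 olduser
s1 203.0.113.7 MAIL 250 spam@example.net
s1 203.0.113.7 RCPT 550 victim@remote.example
s2 203.0.113.7 AUTH 535 olduser
s2 203.0.113.7 MAIL 250 spam@example.net
s2 203.0.113.7 RCPT 250 user@local.example
s2 203.0.113.7 DATA 250 -
s3 198.51.100.9 AUTH 235 alice
s3 198.51.100.9 MAIL 250 alice@local.example
s3 198.51.100.9 RCPT 250 bob@remote.example
s3 198.51.100.9 DATA 250 -
"""

def classify_sessions(log_text, trusted_ips=()):
    """Return {session: (verdict, recipients)} from submission-time reply codes."""
    state = defaultdict(lambda: {"auth": False, "ok": [], "refused": [], "queued": False})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed rows
        sid, ip, verb, code, arg = fields
        s = state[sid]
        if ip in trusted_ips or (verb == "AUTH" and code == "235"):
            s["auth"] = True  # valid SMTP AUTH or pre-authenticated source IP
        if verb == "RCPT":
            (s["ok"] if code.startswith("2") else s["refused"]).append(arg)
        elif verb == "DATA" and code == "250":
            s["queued"] = True  # server took responsibility for the message
    result = {}
    for sid, s in state.items():
        if s["queued"] and s["auth"]:
            result[sid] = ("accepted-authenticated", s["ok"])
        elif s["queued"]:
            # Accepted without valid auth: these recipient domains did not require it.
            result[sid] = ("accepted-no-auth-required", s["ok"])
        elif s["refused"]:
            result[sid] = ("refused-at-rcpt", s["refused"])
        else:
            result[sid] = ("no-message", [])
    return result

for sid, verdict in sorted(classify_sessions(SAMPLE_LOG).items()):
    print(sid, *verdict)
```

A session that ends as `accepted-no-auth-required` after a failed AUTH is the case the original poster read as bit-bucketing: the listed recipients are in domains that did not require authentication, so delivery is attempted.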