iliko

MS Exchange - unknown recipient for non-existing addresses


Problem:

Telnet  mymail.com 25
220 mymail.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready at  Thu, 24 Mar 2005 17:11:49 +0400
helo aaa
250 mymail.com Hello [X.X.X.X]
mail from: nobody
250 2.1.0 nobody@mymail.com....Sender OK
rcpt to: administrator
250 2.1.5 administrator@mymail.com
data
354 Please start mail input.
THIS IS A TEST
.
250 Mail queued for delivery.
---------------------------------------------------------------
But on the MDAEMON mail server I have the following:

<SKIPPED>
mail from: nobody
550 <nobody@mymail.com>, Sender unknown

Why can I send mail from unknown users (nobody) to the local recipients?
I have relay closed on my Exchange (unable to relay for non-authenticated users).
I have recipient filtering on.


Is this an MS Exchange problem, or can I sort it out?

Cheers



Sembee

It looks like your Exchange server is working correctly.

Exchange will always accept email destined for it, then NDR it later.
It also doesn't matter what you put in the "From" line, as Exchange doesn't use that as a validation - how can it?

The only way to stop it accepting email for non-existent users is to use a third-party tool that can do LDAP lookups. GFI Mail Essentials can do that, there are probably some others that can as well.

Simon.
iliko

ASKER

Does this mean everybody can telnet into my Exchange machine and send me email abusing recipient names?
And I can overcome this only by using GFI Mail Essentials or similar 3rd-party software?

But why does MDaemon prevent sending messages in this way?

Sembee

NDR attacks are quite common against an Exchange server. Some people want to accept email for any user at their domain, so spammers take advantage of that.

Exchange 2003 has a built-in filtering option which can do the LDAP lookups for you, but with Exchange 2000 you must use 3rd party.

Why? You will have to ask the Exchange developers. That is the way that it is, and we have to live with it.

Simon.
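
The two behaviours described in the answers above (accept the message and NDR it later, versus refusing unknown recipients during the SMTP session through a directory lookup), modelled as an added example that is not part of the thread and not Exchange's own code. The DIRECTORY set, the address no.such.user and the wording of the 550 reply are constructed for illustration.

```python
# Added example (not from the thread): models the two RCPT TO policies discussed.
# DIRECTORY is a constructed stand-in for the LDAP / Active Directory lookup.
LOCAL_DOMAIN = "mymail.com"
DIRECTORY = {"administrator@mymail.com"}


def qualify(addr):
    """Append the local domain to a bare name, as the server on the page does."""
    addr = addr.strip().strip("<>").lower()
    return addr if "@" in addr else f"{addr}@{LOCAL_DOMAIN}"


def smtp_envelope(mail_from, rcpt_tos, validate_rcpt):
    """Return (replies, delivered, ndrs) for one SMTP envelope.

    validate_rcpt=False: accept every local recipient, bounce later.
    validate_rcpt=True:  look the recipient up and refuse unknown ones in-session.
    """
    sender = qualify(mail_from)
    # In this model the envelope sender is accepted without any verification.
    replies = [f"250 2.1.0 {sender} Sender OK"]
    accepted = []
    for raw in rcpt_tos:
        rcpt = qualify(raw)
        if validate_rcpt and rcpt not in DIRECTORY:
            # Refused before DATA: nothing is queued, so no bounce is created.
            # Reply text is constructed; 5.1.1 is the "bad mailbox" status code.
            replies.append(f"550 5.1.1 {rcpt} User unknown")
        else:
            accepted.append(rcpt)
            replies.append(f"250 2.1.5 {rcpt}")
    delivered = [r for r in accepted if r in DIRECTORY]
    # Each accepted-but-unknown recipient later produces an NDR addressed to the
    # unverified envelope sender: backscatter if that sender was forged.
    ndrs = [(sender, r) for r in accepted if r not in DIRECTORY]
    return replies, delivered, ndrs


if __name__ == "__main__":
    for mode in (False, True):
        replies, delivered, ndrs = smtp_envelope(
            "nobody", ["administrator", "no.such.user"], validate_rcpt=mode)
        print(f"validate_rcpt={mode}")
        for line in replies:
            print("  ", line)
        print("   delivered:", delivered, "| NDRs to:", [s for s, _ in ndrs])
```

With validation off, the unknown recipient gets a 250 and an NDR is later generated toward the unverified sender; with validation on, the same recipient is refused in-session and no NDR exists to be sent.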
iliko

ASKER



I am not receiving NDRs, I am receiving messages from NOBODY@ANYTHING.COM!
By the way, I have Exchange 2003 - does this mean I can prevent these issues with LDAP filtering?

Of course I can close sender's IP/subnet on the firewall, but this is not the right solution ...
ASKER CERTIFIED SOLUTION
Sembee