Solved

SMTP secure

Posted on 2006-11-05
5
294 Views
Last Modified: 2010-03-06
Hi!

We have MS Exchange 2003 and I would like to ask if our SMTP is secure against spam with the below settings of SMTP.
as I quite often find in the Exchange system manager queue, that other servers are trying to send Spam emails using our server - the emails are waiting in the queue for next connection retry - how can I avoid it? I would like these emails to be rejected by our server immediately...

our SMTP settings is:

Authentication:
Anonymous access - CHECKED
Basic authentication (password is send in clear text) - CHECKED
Integrated Windows Authentication - CHECKED

Connection:
All except the list below - CHECKED
(we have the list empty)

Relay:
Only the list below - CHECKED
(the list is empty)
Allow all computer which successfully authenticate to relay, regardless of the list above - CHECKED

thanks!
0
Comment
Question by:pplan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17879172
Hi pplan,

Do you have external users that use your SMTP server to send mail?  If not, untick "Allow all computer which successfully authenticate to relay, regardless of the list above"

Also, set Authentication to anonymous only, then you have the optimal security settings.

The Queues of spam you are seeing are going to be NDR spam, messages send to non-existant users on your domain that are being bounced back (to equally non-existant users).

To cure this, you want to enable recipient filtering and tarpitting -> http://www.msexchange.org/tutorials/Sender-Recipient-Filtering.html

Hope that helps,

-red
0
 

Author Comment

by:pplan
ID: 17879355
thanks for your advices!

we have about 20 email accounts there and people are using these email accounts also when they are travelling abroad, using their laptops (so, we have external users) - how should I set it to be able to use this?

you write:
"The Queues of spam you are seeing are going to be NDR spam, messages send to non-existant users on your domain that are being bounced back (to equally non-existant users)."
THESE EMAILS ARE ADDRESSED TO USERS WITH EMAILS ON OTHER DOMAINS THAN OURS - THE ADDRESSES ARE FOR EXAMPLE ON YAHOO, MSN ETC... - is it OK? arn't these messages delivered somehow through our server as spam?


thanks!
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
ID: 17879417
Your remote users should be using RPC/HTTP.  It is the full outlook client, used from any external connection (no VPN, and very secure).

http://www.amset.info/exchange/rpc-http.asp

POP3 and SMTP are horrible things to use.  Not only do you have no control over the users mail, and cannot restore it if their laptop gets stolen, but they are transmitting EVERYTHING in clear text - including passwords.

As for your queues, they are addressed to external users and if you open one up (enumerate messages from the exchange queues) you will see it is from postmaster@yourdomain.com.

Here is how it happens;  SpammerA sends a mail to UserB (incorrect address on your correct domain) pretending to be from UserC (incorrect address on someone elses domain).  Your server get's this, and tries to notify **UserC** because it thinks that is who sent it.  Because UserC is fake, your server tries (but fails) to let them know their email didn't make it through.

The solution for this, as I mentioned above, is recipient filtering and tarpitting - it will drop all incorrect mail, and alleviate (most of) the problem

-red
0
 

Author Comment

by:pplan
ID: 17879474
thanks a lot for your efforts!
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17879478
You are most welcome :)

-red
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question