Urgent: Preventing Spammers, but allowing POP users. 1

[Eldaria]

Hi all.

For the first time I realized my server was an open Relay even though I thought I had locked it down.

My problem is this.
I had dissabled Relaying for everyone except if they authenticate.
In this way I thought that it would not be possible to Relay unless you authenticated with the SMTP server.
And from my experience it was not possible. since my POP Users was unable to send E-mail unless they had authentication with the SMTP server set up.

But then I found that the autentication was based on the autentication button, in the Settings for the SMTP Virtual server. and there I had the option Anonymous access. so that actually anyone could still relay. So I dissabled this. but now my server does not allow servers to connect and send e-mails to the users on the server?

Is there no way to set it up like this:
A foreing server/user can connect anonymously and send mails only to users on the domain that the server is member of.
If a server/user connect and want to relay, so send to a user not member of the domain, authentication is nessesary, or mail will be rejected.

Please I ned an urgent answer to this. Reason beeing that I have dissabled all kind of relaying for now, since my server has been listed in various Spam filters, because someone used it for massmailing.
I really hate spam, and I hate even more that i was the tool of spamming.
plz, plz, Help....
Eldaria

http://www.eldaria.net

That was my 25cent** of opinion.

** Inclusive Intrest, tax on interest, Genral tax, Enviromental tax, Tax, and tax on intrest, tax on fees, tax on tax, and other Various taxes and fees.

 

[Davetoo]

To close your open relay, read here:

http://www.microsoft.com/technet/tr...chnet/security/prodtech/mailexch/excrelay.asp

The other thing is that POP3 and SMTP are different beasts. Your users use POP3 to retreive their e-mail and doesn't present a problem. The open relay issue revolves around the SMTP side. As long as the user are authenticating to your Exchange server, then you should be ok. If a user can send e-mail through your SMTP server without authenticating, then recheck the settings indicated in the website above.

 

[Davetoo]

Also, you'll need to set the anonymous back to checked, that's what permits other SMTP servers to communicate and send e-mail to your server. When you're all done, you can go to

http://www.ordb.org/

and follow the instructions to check your server for an open relay.

 

[member 141630]

IMHO, I would add a new virtual SMTP server on say, port 222.
Set the port 25 SMTP server back to normal (i.e. no relaying and no authentication).
ANd then configure the port 222 SMTP server to allow relay but to REQUIRE authentication and no anonymous access), and then configure the clients to use port 222 for SMTP instead of 25, along with username / password.
This will give you a normal mail server feature AND allow relaying. Also you 'security by obscurity' by running an SMTP server on a non standard port.

Do note that the authentication portion of SMTP in Win2K is a Microsoft thing and is not normally supported by other vendors.

Rgds

Phil Blythe

 

[Eldaria]

I went for the Later explenation since the MS article did describe the steps I had already taken.

I have users connectin via ISP dial ups, so I can not restrict based on IP address.

I need to have other servers able to connect and deliver to the local domain.

All of my POP/SMTP users are using MS software, so no problem with Linux clients not working.

So using 2 SMTP Virtual servers one for external servers delivering mail, and one for Users works for me.

Thank you.
Brian. Eldaria

http://www.eldaria.net

That was my 25cent** of opinion.

** Inclusive Intrest, tax on interest, Genral tax, Enviromental tax, Tax, and tax on intrest, tax on fees, tax on tax, and other Various taxes and fees.