Who's Using Your Mail Server?

Do you receive a lot of unsolicited email? I do, and I know my inbox and other network resources can do without that unwanted overhead. In most cases, you can ask senders to remove your name from their mailing lists. In other instances, such as when the unwanted mail is blatant spam, senders mask their identity to avoid the potential onslaught of irritated spam recipients.

To help mask an email's origin, spammers often use open mail relays to deliver their mail. In a best-practice scenario, mail servers should send email only from users who belong to one of the mail server's hosted domains. An open relay lets anyone send email regardless of the email's origin or destination. Open mail relays often result in wasted network resources, which equates to wasted time and money.

Open mail relays also let intruders masquerade as a person from within the mail server's organization to send spoofed email. That condition can lead to all sorts of unnecessary headaches, such as an intruder socially engineering your help desk to have them reset an allegedly forgotten password.

Check your mail servers regularly to ensure they're configured securely. Be certain that your servers don't allow relaying from unauthorized systems. Every mail server I've seen lets the administrator restrict mail relaying in some fashion.

For example, Sendmail for NT, a popular mail server ported to Windows from UNIX, is used on many Windows-based networks today. Sendmail for NT has a feature called "Allowed Mail Relays," where the user defines any domains and IP addresses that can relay mail through the server. Post.Office, another popular mail server for Windows networks, also allows easy relay configuration from its Web-based System Configuration menu, which you'll find in the "Restrict Mail Relaying" area.

Many of you probably run Microsoft Exchange Server, and if so, you probably also use its SMTP Relay connector to move mail over the Internet. Microsoft published a document in December 1999 that teaches the reader how to secure Exchange's SMTP mail relay. You can read it here.

If you check your systems and find that you've been inadvertently running an open mail relay, you might want to check the Open Relay Behavior-Modification System (ORBS) Web site. ORBS maintains public databases of reported open mail relays; you can download the databases from its Web site. When someone reports an open relay to ORBS, the organization attempts to notify the server's administrator about its condition. If the mail relay remains open after 30 days, ORBS publishes that server's identity in the downloadable databases. Spammers can use the aged databases to find servers that will send their spam, and many spam-hating network administrators use the databases to block mail from systems that operate open relays. If your systems are listed in an ORBS database, secure your relay and have ORBS remove it from the database.

ORBS also offers information about how to protect your mail servers by incorporating its database as a DNS zone. Click here for more information.
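As an added example (not code from the column or from any of the mail servers it names), here is the decision an MTA makes for each envelope recipient: inbound delivery for hosted domains, relaying only for trusted client networks, and a lookup in a blocklist published as a DNS zone, as ORBS offered. The hosted domains, relay network, client addresses and zone name are all constructed, and the resolver is passed in so the code runs offline.

```python
"""Relay-policy decision per RCPT TO, with a DNS-zone blocklist check.

Constructed configuration: the domains, network and zone are placeholders
(RFC 5737 test addresses), not a real deployment.
"""
import ipaddress
from typing import Callable, Optional

HOSTED_DOMAINS = {"example.com", "example.net"}              # constructed
ALLOWED_RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed


def dnsbl_query_name(client_ip: str, zone: str) -> str:
    """Build the reversed-octet name an MTA looks up in a DNS-based blocklist zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def relay_decision(client_ip: str, mail_from: str, rcpt_to: str,
                   restrict_relaying: bool = True,
                   dnsbl_zone: Optional[str] = None,
                   is_listed: Optional[Callable[[str], bool]] = None) -> str:
    """Return 'ACCEPT' or a 'REJECT: ...' reason for one envelope recipient.

    is_listed stands in for the DNS resolver: given the query name, it returns
    True when the zone has a record for it, i.e. the client is listed.
    """
    client = ipaddress.ip_address(client_ip)
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()

    # 1. A client published in the blocklist zone is refused before anything else.
    if dnsbl_zone and is_listed and is_listed(dnsbl_query_name(client_ip, dnsbl_zone)):
        return "REJECT: client listed in " + dnsbl_zone

    # 2. Mail addressed to a domain we host is inbound delivery, not relaying.
    if rcpt_domain in HOSTED_DOMAINS:
        return "ACCEPT"

    # 3. Everything else is a relay request. An open relay stops here and says yes.
    if not restrict_relaying:
        return "ACCEPT"

    # 4. Relay only for clients on networks we trust. The envelope sender is
    #    not used as evidence: MAIL FROM is text chosen by the client, so a
    #    sender in a hosted domain does not prove the client is ours.
    if any(client in net for net in ALLOWED_RELAY_NETS):
        return "ACCEPT"
    return f"REJECT: relaying denied for {mail_from} from {client_ip}"
```

Setting `restrict_relaying=False` reproduces the open-relay condition the column warns about: any client can hand the server mail for any destination.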

Be sure to visit its "Other Resources" page, where you'll find more information to help with the IIS SMTP Relay, Netscape Messaging Server, and numerous other popular mail transports. Also, take time to read Request for Comments (RFC) 2505, "Anti-Spam Recommendations for SMTP MTAs", which outlines methods to prevent unauthorized mail relaying. Until next time, have a great week.
