Understanding Relaying and Spam with Exchange 2000
“Relaying” and “Spam” with Exchange 2000
“Relaying” and “Spam” (not the processed meat) are two subjects that are very dear (or not so dear) to an Exchange Administrator’s heart. Here I am going to attempt to clarify the difference between the two and also discuss some ways that you can protect yourself.
Spam vs. Relaying
Many Administrators think that Spam and Relaying are the same thing - this is not true. They are two completely different beasts and they need to be tackled differently.
Spam is unwanted email sent to your users’ inboxes. This can range from the latest online casino, adult site, timeshare package and thousands of other subjects. The problem with Spam is that it’s using your bandwidth and your storage, and it is wasting your users’ time as they read it thinking they have just inherited $2.1m from a Nigerian Banker who was killed in a train wreck a year ago.
When someone on the Internet sends Spam they have no idea who they are sending it to and they are more than likely sending it using a fake email address. This causes problems because the email address they are sending the Spam to may not exist. What is Exchange going to do? That’s right, it’s going to send an NDR to the sender of the message, but if they are using a fake email address it can’t, so the message will end up in your “BadMail” directory.
Your “BadMail” directory is specified on the “Messages” tab of your SMTP Virtual Server. If you have not already specified one then the default location is exchsrvr\mailroot\
Relaying is when someone outside of your organization uses your SMTP server to send mail out over the Internet; it’s a big problem if you have an “Open” Relay because this Relay will be used by other Spammers to send their mail.
The problem with Spammers using your server to send e-mails out over the Internet is that your server’s information will be in the header of the messages and the recipients of these messages will track you down. If you are being used as a Relay the chances are you will be contacted by someone complaining and ultimately you will be “Black Listed”.
When we talk about “Black Lists”, what we mean is simply a list of servers that have been found to be “Open” Relays, and many companies block messages from servers that are on the “Black List”. So, when you try to send legitimate e-mails, the chances are they will be returned.
Once your server has been placed on a “Black List” it is very hard to be taken off, and this could cost your organization a lot of money in lost revenue and you could lose your credibility.
How to Protect Yourself Against Relaying
The good news is that Microsoft Exchange 2000 by default does not allow unauthorized Relaying, so in order to relay through an Exchange 2000 server you must provide a valid username and password.
Now, let’s look at how this is set up by default. Here we will take a look at some of the properties on your SMTP Virtual Server.
On the “Access” tab of your SMTP Virtual Server are a number of options that we will look at.
The first section we’ll look at can be accessed by clicking the “Authentication” button, which presents you with the “Authentication” dialogue box (below).
We have three options here, and they should ALL be checked.
One of the common mistakes Administrators tend to make is that they clear the “Anonymous access” checkbox thinking this has something to do with Relaying. What this actually does is it controls who has access to your SMTP service. If you clear this option you will stop other SMTP servers from communicating with yours since they don’t have any other method of authenticating with each other.
The next section, and this is probably the most important, can be accessed by clicking the “Relay” button on the main “Access” tab of your SMTP Virtual Server. The “Relay Restrictions” dialogue box is now displayed (as shown below); the settings you see here are the default settings.
The most important part I speak of is the checkbox at the bottom of the dialogue box: “Allow all computers which successfully authenticate to relay, regardless of the list above”. When this is checked, anyone who can provide a valid username and password will be able to relay through your server. In other words, if you have a user at home using Microsoft Outlook Express as their POP3 client they will need to specify a valid username and password before they are able to relay through your server.
So, as long as your system looks like the settings we have above, you are not an “Open” Relay! Or are you? There is a case where your system is set up as shown above but it is still used as an “Open” Relay. This would occur if you have an SMTP Connector configured incorrectly. If you have an SMTP Connector go to the “Address Space” tab and it should look like the figure below:
Make sure you do not have the “Allow messages to be relayed to these domains” checked as this will override the settings on your SMTP Virtual server and you will be an “Open” Relay.
If you are worried about being an “Open” Relay, you can use Telnet to test it out. My incoming mail server is called mail.exchangetrainer.com, so I will try to send an e-mail from [email protected] to [email protected] and then see what happens:
Here are the steps:
1. Open a Command Prompt window
2. At the Command Prompt, type Telnet
3. You will now be presented with the Telnet prompt, type OPEN
Notice the server responding with an error message: “Unable to relay for [email protected]”. This is telling me I have a “Closed” Relay.
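The same check as the Telnet session, scripted in Python as an added example (not part of the original article): it issues HELO, MAIL FROM and RCPT TO without authenticating and reads the verdict from the RCPT TO reply, exactly where the “Unable to relay” error appears above. The stub server, the example.com/example.org/example.net addresses and the function names are constructed so the block runs offline.

```python
import smtplib
import socketserver
import threading

def check_relay(host, port, mail_from, rcpt_to, timeout=10):
    """Unauthenticated HELO / MAIL FROM / RCPT TO, then RSET and QUIT. rcpt_to must be
    in a domain the server does NOT host. No DATA is sent, so nothing is queued."""
    with smtplib.SMTP(host, port, local_hostname="relaycheck.example",
                      timeout=timeout) as smtp:
        smtp.helo()                               # plain HELO, no AUTH offered
        code, _ = smtp.mail(mail_from)
        if code >= 400:
            return "inconclusive", code           # sender refused, RCPT not tried
        code, _ = smtp.rcpt(rcpt_to)
        smtp.rset()                               # abandon the transaction
    if 200 <= code < 300:
        return "open", code                       # external recipient accepted
    if 500 <= code < 600:
        return "closed", code                     # e.g. 550 5.7.1 Unable to relay
    return "inconclusive", code                   # 4xx: temporary failure, retry

class StubSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server, so the check runs offline."""
    local_domain = "example.com"                  # the only domain the stub hosts
    relay_all = False                             # True imitates an open relay
    def handle(self):
        self.wfile.write(b"220 stub SMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip().lower()
            foreign = not line.rstrip(">").endswith("@" + self.local_domain)
            if line.startswith("rcpt") and foreign and not self.relay_all:
                reply = b"550 5.7.1 Unable to relay\r\n"
            elif line.startswith("quit"):
                reply = b"221 closing\r\n"
            else:
                reply = b"250 OK\r\n"
            self.wfile.write(reply)
            if line.startswith("quit"):
                break

def demo(relay_all):
    handler = type("Stub", (StubSMTP,), {"relay_all": relay_all})
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        result = check_relay(*srv.server_address,
                             "tester@example.org", "someone@example.net")
        srv.shutdown()
        return result

if __name__ == "__main__":
    print("closed stub:", demo(False), "| open stub:", demo(True))
```

To check your own server, call `check_relay` with your mail host, port 25 and a recipient in a domain you do not host.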
So, hopefully now you are all locked down and no longer worried about being used as a Relay.
How to Protect Yourself Against Spam
This is a little bit harder to do. Exchange 2000 does not have any good content filtering feature built into it. The only filtering that Exchange 2000 does is based on the email address of the sender, but as we have already discussed, most spammers do not use real email addresses and they also randomly change the address. For more information about filtering based on email addresses take a look at one of the other articles I wrote:
In order to control Spam you need a good Content Filtering/Management package. I would recommend a program called MailEssentials. For more information about MailEssentials take a look at Will Schmied’s article http://www.msexchange.org/pages/articles.asp?art=320.
No Content Filtering/Management package is going to catch all spam, and they could also block legitimate emails, but that’s the price you will have to pay. Spam is here to stay.
Here are a couple of things you should educate your users about:
1. If they use newsgroups or mailing lists make sure they use an email address that is not their work address. Many spammers trawl the newsgroups and mailing lists to extract email addresses.
2. Do not respond to the spammer. If they did give you a real address, you would simply be confirming that yours is real as well.
And here is one final tip for your home users that have their own domain. Many companies will sell your email address - although they claim they don’t. If you own your own domain, here is what you could do to find out who is selling your email address:
Let’s say you own domainA.com and you are going to buy something from onlinebooks.com. Create an email alias of [email protected] and use that as your email address when you purchase something from onlinebooks.com. That way when you start getting Spam addressed to [email protected] you know who has sold your email address.
Well, once again my friends my typing fingers are sore. I hope this gives you all something to think about as well as a better understanding on the issues raised. I am looking forward to putting the next article together very soon.