Not really. I think I was sorta clear on relaying control & restrictions.
What I don't understand is how a spammer directs his mail notes to my mail server, when they are addressed to recipients in many other domains. E.g. the recipient in each mail note is "[EMAIL PROTECTED]", which is not our domain. Where does he tell his mail server to send such notes to my domain?

Ummm ... wait a minute, I think a light is going on ... Let me try this out ...

The spammer runs a program that probes IP addresses for open mail relaying, probably by trying to telnet to them and do some SMTP commands (don't know exactly what commands). Then having found a mail server that is an open relay, he configures the IMS (or equiv) of his mail server to forward messages to the IP address of that mail server. If that mail server is still an open relay, it blindly forwards the messages to the destination domain mail servers, whose IP addresses it got by ... ummm, not sure how - must involve DNS somehow. Can't be as simple as a rule like "prepend 'mail' to make 'mail.somedomain.com'", could it? Most email addresses use host hiding name forms. E.g. mine is "[EMAIL PROTECTED]", not "[EMAIL PROTECTED]". So I'm fuzzy on that part.

Am I on the right track?

- Bob "dim bulb" Peitzke

-----Original Message-----
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 8:59 PM
To: MS-Exchange Admin Issues
Subject: RE: Relaying - background?

Non open Relaying requires a user to log in to the server, have an account on the server and have rights to that account. So only Joe can send email from Joe, when Joe is logged in as Joe. The other method is to restrict based on IP, so Joe can only send email if he lives on a 10.0.0.x IP range, else he can't send nothing.

Open relay means the server does not care; it will send anything from anyone. Joe can send messages from Sally to anyone he wants to. The server is purely an MTA.

Does that help?
Kevinm M WLKMMAS, UCC+WCA, CKWSE

-----Original Message-----
From: Bob Peitzke [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 2:09 PM
To: MS-Exchange Admin Issues
Subject: Relaying - background?

Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like "recipient name is not recognized", "550", "Relaying denied", "user unknown". Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB & ~ databases, FWIW.

This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain goes to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host.

Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient?

I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article.

TIA & have a nice weekend!

Bob Peitzke

List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
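
Added example, not part of the original thread and not Exchange's own logic: a sketch of how a receiving SMTP server answers RCPT TO, showing that the envelope recipient is separate from the host the client connected to, and that the next hop for a relayed message comes from the recipient domain's MX records. The domains, the trusted network, the MX table and the function names are all assumptions constructed for illustration.

```python
import ipaddress

LOCAL_DOMAINS = {"example.com"}                        # assumed: domains hosted here
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]   # assumed: internal client range

# Constructed stand-in for DNS MX answers: domain -> [(preference, host)].
MX_TABLE = {
    "example.org": [(20, "backup.example.org"), (10, "mx1.example.org")],
    "example.net": [],   # no MX record published
}

def domain_of(address):
    """Domain part of an envelope address."""
    return address.rsplit("@", 1)[1].lower()

def next_hop(rcpt):
    """Host to deliver to: the lowest-preference MX, else the domain itself."""
    domain = domain_of(rcpt)
    records = MX_TABLE.get(domain, [])
    return min(records)[1] if records else domain

def rcpt_decision(client_ip, authenticated, rcpt, open_relay=False):
    """SMTP reply to 'RCPT TO:<rcpt>' for a session from client_ip."""
    if "@" not in rcpt:
        return "501 Syntax error in recipient"
    if domain_of(rcpt) in LOCAL_DOMAINS:
        return "250 OK (local delivery)"       # mail for our own users: always accepted
    ip = ipaddress.ip_address(client_ip)
    trusted = authenticated or any(ip in net for net in TRUSTED_NETS)
    if trusted or open_relay:
        # Recipient is elsewhere: accept, then forward to that domain's MX.
        return "250 OK (relay via %s)" % next_hop(rcpt)
    return "550 Relaying denied"               # outsider asking us to forward mail

if __name__ == "__main__":
    # Constructed sessions: (client IP, authenticated?, envelope recipient).
    sessions = [
        ("192.0.2.25", False, "bob@example.com"),    # outsider -> local user
        ("192.0.2.25", False, "user@example.org"),   # outsider -> foreign domain
        ("10.0.0.7", False, "user@example.org"),     # internal client -> foreign domain
        ("192.0.2.25", True, "user@example.net"),    # authenticated user, no MX
    ]
    for ip, auth, rcpt in sessions:
        print(ip, auth, rcpt, "->", rcpt_decision(ip, auth, rcpt))
    # The same outsider request against a misconfigured (open relay) server:
    print(rcpt_decision("192.0.2.25", False, "user@example.org", open_relay=True))
```

The second session is the case that produces the "550 Relaying denied" text seen in the NDRs quoted in the thread.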