RE: Relaying - background?
You know what I mean. Steve Martin Some people have such a way with words. Other people.don't have way /Steve Martin -Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 17, 2001 8:52 PM To: MS-Exchange Admin Issues Subject: RE: Relaying - background? Don't you mean the other way around, that they have to come from your domain. And or be in your domains IP range. You MTA has to be able to send to anyone. It is a matter of who can send. And what they have to do to send. Kevinm M WLKMMAS, UCC+WCA, CKWSE -Original Message- From: Arnold, Jamie [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 17, 2001 5:19 PM To: MS-Exchange Admin Issues Subject: RE: Relaying - background? Isn't it more of a domain restriction than a user restriction? I close the realyin on mydomain.com, you telnet to my box and try to send to somwhere other than mydomain.com and you're restricted. I could easily be wrong. J -Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 11:59 PM To: MS-Exchange Admin Issues Subject: RE: Relaying - background? Non open Relaying requires a user to login to the server, have an account on the server and have rights to that account. So only Joe can send email from Joe, when Joe is logged in as Joe. The other method is to restrict based on Ip so Joe can only send email if he lives on a 10.0.0.x ip range else he can't sent nothing. Open relay means the server does not care it will send anything from anyone. Joe can send messages from sally to anyone he wants to. The server is purely a MTA. Does that help? Kevinm M WLKMMAS, UCC+WCA, CKWSE -Original Message- From: Bob Peitzke [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 2:09 PM To: MS-Exchange Admin Issues Subject: Relaying - background? Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like recipient name is not recognized, 550, Relaying denied, user unknown. Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB ~ databases, FWIW. This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain go to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient? I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article. TIA have a nice weekend! Bob Peitzke List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Relaying - background?
Another related question ... Most of the spam messages we get have covered their tracks - when I look at the properties of the sender or recipient, they are not valid smtp addresses. How do they do that? Again, just a pointer to an article or KB; I'm willing to dig, just want to know where. Bob -Original Message- From: Bob Peitzke [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 2:09 PM To: MS-Exchange Admin Issues Subject: Relaying - background? Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like recipient name is not recognized, 550, Relaying denied, user unknown. Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB ~ databases, FWIW. This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain go to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient? I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article. TIA have a nice weekend! Bob Peitzke List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Relaying - background?
Not really. I think I was sorta clear on relaying control restrictions. What I don't understand is how a spammer directs his mail notes to my mail server, when they are addressed to recipients in many other domains. E.g. the recipient in each mail note is [EMAIL PROTECTED], which is not our domain. Where does he tell his mail server to send such notes to my domain? Ummm ... wait a minute, I think a light is going on ... Let me try this out ... The spammer runs a program that probes IP addresses for open mail relaying, probably by trying to telnet to them and do some smtp commands (don't know exactly what commands). Then having found a mail server that is an open relay, he configures the IMS (or equiv) of his mail server to forward messages to the IP address of that mail server. If that mail server is still an open relay, it blindly forwards the messages to the destination domain mail servers, whose IP addresses it got by ... ummm, not sure how - must involve DNS somehow. Can't be as simple as a rule like prepend 'mail' to make 'mail.somedomain.com', could it? Most email addresses use host hiding name forms. E.g. mine is [EMAIL PROTECTED], not [EMAIL PROTECTED]. So I'm fuzzy on that part. Am I on the right track? - Bob dim bulb Peitzke -Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 8:59 PM To: MS-Exchange Admin Issues Subject: RE: Relaying - background? Non open Relaying requires a user to login to the server, have an account on the server and have rights to that account. So only Joe can send email from Joe, when Joe is logged in as Joe. The other method is to restrict based on Ip so Joe can only send email if he lives on a 10.0.0.x ip range else he can't sent nothing. Open relay means the server does not care it will send anything from anyone. Joe can send messages from sally to anyone he wants to. The server is purely a MTA. Does that help? Kevinm M WLKMMAS, UCC+WCA, CKWSE -Original Message- From: Bob Peitzke [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 2:09 PM To: MS-Exchange Admin Issues Subject: Relaying - background? Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like recipient name is not recognized, 550, Relaying denied, user unknown. Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB ~ databases, FWIW. This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain go to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient? I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article. TIA have a nice weekend! Bob Peitzke List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Relaying - background?
Isn't it more of a domain restriction than a user restriction? I close the realyin on mydomain.com, you telnet to my box and try to send to somwhere other than mydomain.com and you're restricted. I could easily be wrong. J -Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 11:59 PM To: MS-Exchange Admin Issues Subject: RE: Relaying - background? Non open Relaying requires a user to login to the server, have an account on the server and have rights to that account. So only Joe can send email from Joe, when Joe is logged in as Joe. The other method is to restrict based on Ip so Joe can only send email if he lives on a 10.0.0.x ip range else he can't sent nothing. Open relay means the server does not care it will send anything from anyone. Joe can send messages from sally to anyone he wants to. The server is purely a MTA. Does that help? Kevinm M WLKMMAS, UCC+WCA, CKWSE -Original Message- From: Bob Peitzke [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 2:09 PM To: MS-Exchange Admin Issues Subject: Relaying - background? Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like recipient name is not recognized, 550, Relaying denied, user unknown. Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB ~ databases, FWIW. This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain go to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient? I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article. TIA have a nice weekend! Bob Peitzke List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Relaying - background?
Dont you mean the other way around, that they have to come from your domain. And or be in your domains IP range. You MTA has to be able to send to anyone. It is a matter of who can send. And what they have to do to send. Kevinm M WLKMMAS, UCC+WCA, CKWSE -Original Message- From: Arnold, Jamie [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 17, 2001 5:19 PM To: MS-Exchange Admin Issues Subject: RE: Relaying - background? Isn't it more of a domain restriction than a user restriction? I close the realyin on mydomain.com, you telnet to my box and try to send to somwhere other than mydomain.com and you're restricted. I could easily be wrong. J -Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 11:59 PM To: MS-Exchange Admin Issues Subject: RE: Relaying - background? Non open Relaying requires a user to login to the server, have an account on the server and have rights to that account. So only Joe can send email from Joe, when Joe is logged in as Joe. The other method is to restrict based on Ip so Joe can only send email if he lives on a 10.0.0.x ip range else he can't sent nothing. Open relay means the server does not care it will send anything from anyone. Joe can send messages from sally to anyone he wants to. The server is purely a MTA. Does that help? Kevinm M WLKMMAS, UCC+WCA, CKWSE -Original Message- From: Bob Peitzke [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 2:09 PM To: MS-Exchange Admin Issues Subject: Relaying - background? Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like recipient name is not recognized, 550, Relaying denied, user unknown. Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB ~ databases, FWIW. This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain go to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient? I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article. TIA have a nice weekend! Bob Peitzke List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Relaying - background?
Bob, You stated: I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. This is contradictory. If your IMS is set up to use DNS, your server does a DNS lookup for the MX record for the recipient's domain. Your server then establishes a direct connection to that server to transfer the message. If you were forwarding to a specific host, DNS would not be used and the mail would be sent to a (hopefully properly configured) relay server at your ISP. What happens on a open relay: A SMTP mail message is sent to your server and your server blindly sends it on to the the recipient's e-mail domain. How does it happen? If your server is not directed to only accept SMTP mail for individuals listed in your GAL (in your domain), it will be an open relay and it will attempt to get the message to the intended destination. By configuring your IMS to only accept mail for your domain name, your server will send a '550 relaying denied' message back to the system that sent the message to it. How can you perform relaying? Find a server that allows open relay. There are automated tools for this. Grab your SMTP server package of choice. (There are also client packages that can be used like this.) Set it up to point to the open relay you found (essentially saying 'forward to this host'). SPAM away. Your server can be set up so it doesn't care if the From: address is vaild. It can even be blank in some cases, but some servers will flag that as a looping message and kill it. Most servers on the Internet don't check to see if the sending domain is valid (has a valid MX record) and there isn't an efficient way for them to determine if the user at that domain is valid either. Bruce Epper ASARCO, Inc. Network Analyst/DBA 520-798-7569 --- The big difference between sex for money and sex for free is that sex for money costs less. - Brendan Francis # This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal For more information please visit www.marshalsoftware.com # List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Relaying - background?
Non open Relaying requires a user to login to the server, have an account on the server and have rights to that account. So only Joe can send email from Joe, when Joe is logged in as Joe. The other method is to restrict based on Ip so Joe can only send email if he lives on a 10.0.0.x ip range else he can't sent nothing. Open relay means the server does not care it will send anything from anyone. Joe can send messages from sally to anyone he wants to. The server is purely a MTA. Does that help? Kevinm M WLKMMAS, UCC+WCA, CKWSE -Original Message- From: Bob Peitzke [mailto:[EMAIL PROTECTED]] Sent: Friday, November 16, 2001 2:09 PM To: MS-Exchange Admin Issues Subject: Relaying - background? Recently one of my users forwarded me a couple of NDR messages she got, containing stuff like recipient name is not recognized, 550, Relaying denied, user unknown. Our Exchange 5.5/SP3 server is not an open relay, and we are cool with all the ORDB ~ databases, FWIW. This got me wondering about how relaying really works. I know that incoming mail destined for addresses in our domain go to our server, identified by the MX record in our ISP's DNS tables. I know that outgoing mail from our server goes to a mail server at our ISP, which forwards it to other servers in the appropriate domains - but I don't know how our server knows which mail server at our ISP to send stuff to. Our IMS is set up to use DNS for message delivery, not to forward to a specific host. Another part I don't understand is how SPAM works - if our server was an open relay, how would a spammer send messages to our server, but have them addressed to recipients in a different domain? I.e. where is the separate information on mail server to send to and ultimate recipient? I've dug around some in Technet and various knowledge bases, but haven't been able to find any illuminating background on how relaying and spamming works. I'd love to read up on it, if anyone has a pointer to a relevant article. TIA have a nice weekend! Bob Peitzke List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm