Spam Filter ISP Support Forum


Understanding relay

chinabee (Groupie)
Posted: 02 September 2003 at 12:10pm

The way that SpamFilter handles relay bothers me.

If I add 'mycompany.com' in 'white list', 'local domains', anybody can just use my server as an open relay as long as they use 'xyz@mycompany.com' as their FROM address?

 

 

LogSat (Admin Group)
Posted: 02 September 2003 at 4:47pm

If your mail system is configured properly there is usually no need to have your own domain in a whitelist. Doing that will not make you an open relay if spammers fake their from address, but they will be able to send you spam without being filtered.

If configured properly, your users will have your existing SMTP server as their "outgoing mail server" in their email client configuration, thus will bypass SpamFilter and will send email directly to your SMTP server. Legitimate senders who have @mycompany.com in their from will be your own customers, who need not go thru spamfilter to deliver email to themselves.

Roberto F.
LogSat Software

chinabee (Groupie)
Posted: 02 September 2003 at 5:23pm

I think you have got it wrong. 'mycompany.com' is not in the 'white list'. It is in 'Local Domain'. If I delete it, nobody would be able to send me anything.

The thing is that anybody could just use my Spamfilter as a relay as long as they have 'xyz@mycompany.com' in their FROM field.

The problem is really due to the fact that SpamFilter does not use IP addresses to stop relay like almost any other SMTP program.

To counter this problem, I have to have 1 machine hosting SMTP, another hosting Spamfilter, then open an inbound port 25 on my firewall to the Spamfilter, but outbound 25 only from SMTP server.

This way the Spamfilter becomes 'receive only', while my SMTP server is responsible for sending emails.

It would be nice to have 1 machine rather than 2.

LogSat (Admin Group)
Posted: 02 September 2003 at 9:34pm

Sorry, from your post I thought you had entered the domain in both places.

My previous reply is still valid though. If you do not have "mycompany.com" in the domain whitelist, but only in your local domains, nobody is able to use SpamFilter as an open relay. The only thing they can do is to deliver email to the domains in your "local domains" list.

Please note, furthermore, that you can also prevent spammers who fake the "from:" email using your domain from spamming your users. There's a handy option that stops all emails where the "from" domain equals the "to" domain.

Also please note that SpamFilter does use IP addresses to stop spammers. It uses IPs to check their presence on blacklists, it uses IPs to perform blocks by country of origin, it uses IPs to block if the reverse DNS is missing.

Regarding your configuration comments, many users use a single server to host SpamFilter and their SMTP server, there is no need for separate servers. It is even possible to use a single IP on a single server to have both SpamFilter and your SMTP software work on a single server in harmony. Please read the posts on this forum and the sample configs on our website for more info.

Roberto F.
LogSat Software
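
The relay rule described in the reply above, as an added example that is not SpamFilter's code and not part of the original thread: the accept or reject decision keys on the recipient domain, so a forged sender in a local domain gains no relay. Function names, the `reject_same_domain` option name and the sample addresses are assumptions made for illustration.

```python
# Added illustration: a gateway that relays by recipient domain only.
# Names below are hypothetical, not SpamFilter settings.

def domain_of(address):
    """Return the lower-cased domain of an envelope address ('' if malformed)."""
    address = address.strip().strip("<>")
    local, sep, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else ""

def rcpt_decision(mail_from, rcpt_to, local_domains, reject_same_domain=False):
    """Decide the reply to RCPT TO for one envelope.

    The sender address is supplied by the client, so it never grants relay:
    only the recipient domain is compared against the local domain list.
    """
    local = {d.lower() for d in local_domains}
    to_domain = domain_of(rcpt_to)
    if not to_domain:
        return (501, "malformed recipient")
    if to_domain not in local:
        return (550, "relaying denied")
    # Optional rule from the thread: stop mail whose "from" domain equals
    # the "to" domain (local users submit through the real SMTP server).
    if reject_same_domain and domain_of(mail_from) == to_domain:
        return (550, "sender domain equals recipient domain")
    return (250, "accepted for local delivery")

# Constructed sample envelopes (not taken from any log).
SAMPLES = [
    ("xyz@mycompany.com", "someone@example.net"),  # forged local sender, remote rcpt
    ("alice@example.org", "bob@mycompany.com"),    # normal inbound mail
    ("xyz@mycompany.com", "bob@MyCompany.com"),    # forged local sender, local rcpt
]

def evaluate(samples, local_domains, reject_same_domain):
    """Return just the reply codes for a list of (mail_from, rcpt_to) pairs."""
    return [rcpt_decision(f, t, local_domains, reject_same_domain)[0]
            for f, t in samples]

if __name__ == "__main__":
    for strict in (False, True):
        print(strict, evaluate(SAMPLES, ["mycompany.com"], strict))
```
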

chinabee (Groupie)
Posted: 04 September 2003 at 9:58am

Yeah, I think you are right. I did some tests, and it worked out fine.

Another thing is that I have an SMTP antivirus gateway sitting in my system. The SMTP antivirus software does not listen on any specific IP. So, if I have 2 IP addresses, it will listen on both.

It seems that it is always conflicting with SpamFilter.

LogSat (Admin Group)
Posted: 04 September 2003 at 9:32pm

If the antivirus application is well written, it should allow you to configure it to listen on a different port; that way SpamFilter listens in on port 25, and then forwards emails to the port the antivirus uses.

If the antivirus app does not allow you the above, if you have your servers behind a good firewall, the firewall can be configured to accept internet requests on port 25, and then forward them to your inside network on a different port, 26 for example. SpamFilter can be configured to listen on port 26, accept emails, and then forward them to your antivirus listening on port 25.

A 3rd option is from another post on the forum:

=======================================

Scenario. Two applications need to listen to port 25 on an IP address. The server has multiple IP addresses. One application misbehaves by taking over all IPs on the server on port 25.

Solution. If the well-behaved application (SpamFilter...) is started first, it will use a single IP address on port 25. The bad application starts next, using up all remaining IPs, but without interfering with the 1st one since that IP is already taken.

How? Using the registry, under HKLM\SYSTEM\CurrentControlSet\Services\bad-service-name, add the REG_MULTI_SZ value:
DependOnService
and assign it the name of the good service.

This will cause the bad service to depend on the good service, meaning that it needs to wait for the good service to start first.

Roberto F.
LogSat Software
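
The DependOnService change from the post above as a script, added here and not part of the original post or LogSat's tooling: it keeps dependencies already present and refuses a dependency that names a missing service or closes a loop, either of which can keep the dependent service from starting. The function names are hypothetical, the service names passed in are placeholders, and the registry functions run only on Windows (standard `winreg` module, elevated prompt).

```python
SERVICES = "SYSTEM\\CurrentControlSet\\Services\\"  # added example, not LogSat code

def plan_dependency(dependent, required, deps):
    """New DependOnService list for `dependent`; `deps` maps service -> its list."""
    table = {n.lower(): list(v) for n, v in deps.items()}  # names: case-insensitive
    dep, req = dependent.lower(), required.lower()
    if dep not in table or req not in table:
        raise ValueError("both services must already be installed")
    # Follow what `required` depends on; reaching `dependent` means a loop.
    stack, seen = [req], set()
    while stack:
        cur = stack.pop()
        if cur == dep:
            raise ValueError("circular service dependency")
        if cur not in seen:
            seen.add(cur)
            stack.extend(d.lower() for d in table.get(cur, []))
    current = table[dep]
    if req not in (c.lower() for c in current):
        current.append(required)  # append: existing dependencies are kept
    return current

def read_deps(name):
    """Windows only: DependOnService of `name`, or None if no such service."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES + name) as key:
            try:
                return list(winreg.QueryValueEx(key, "DependOnService")[0] or [])
            except FileNotFoundError:
                return []
    except FileNotFoundError:
        return None

def apply_dependency(dependent, required):
    """Windows only, run elevated: validate against the registry, then write."""
    import winreg
    deps, todo = {}, [dependent, required]
    while todo:  # collect every service reachable from the two names
        name = todo.pop()
        if name.lower() not in {n.lower() for n in deps}:
            found = read_deps(name)
            if found is not None:
                deps[name] = found
                todo.extend(found)
    new = plan_dependency(dependent, required, deps)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES + dependent,
                        0, winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "DependOnService", 0, winreg.REG_MULTI_SZ, new)
    return new
```
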

 

eric (Guest Group)
Posted: 14 September 2003 at 12:18pm

almost all ms$ produkt are bad socket eaters...

try searching : disable socket pooling in their technet.....

-eric-

///

the only machine with 1+ nic is my firewall,

the only machine with 1+ ip is my firewall

/// 
