Mailshots from Exchange 2007

In  SBS 2008 is there a setting somewhere in ESM that would block
mailshot attempts if say it discovers that there are lots of messages
being sent in short period of time?
yaro

Do you believe that you are being attacked from a spammer relaying

Do you believe that you are being attacked from a spammer relaying messages
through your server to elsewhere or to an internal user account?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

esngaseNot at all.

es
ng
ase

Not at all. The client has some sort of database software that allows
mailshots through their Exchange system. However, when they try
Exchange is blocking the attempts so they cannot send bulk email to
their customers. The database people reckon the problem lies within
their Exchange server setup and I am not an expert to figure out what is
really going. It worked fine when set up to use their server as the
sending server so it must be something local.
yaro

I see. it is probably a relay issue.

I see. it is probably a relay issue. Where is this database software or
application? Is it within the network or out somewhere on the internet?

Can they configure the application to provide credentials when sending?
This is the common, best secure practice. Create a plain-Jane Domain
User account, mailbox enable it, then use that in the application for
credentials. This is a common practice. I am sure they can figure out
how to do that with CDONTS or some other VB method, or whatever the
application is using.

Other than that, the non-secure method is to allow relay from that
internal IP, which is really not advised, especially from an external
IP, if it gets compromised.

Keep in mind using their own server as a mass-mailer may put them on a
block list. I can imagine your next post a week from now will be, "How
do we get off a block list?"


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE
& MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance,
please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

.sagesamong&pleaseomft.comfor regional support phone numbers.

.
sages
among
&
please
om
ft.comfor regional support phone numbers.

Thing is that it is actually set up this way so there is a separate,
mailbox enabled user account created especially for the software that
indeed runs locally to be used for sending emails. As to blacklisting
I spoke to the client about it already suggesting other solutions but
he is the kind of person that just will not believe it if he cannot see it
so basically he does not care about it right now.
yaro

That's unfortunate the customer does not understand the ramifications.

That's  unfortunate the customer does not understand the ramifications.

Nontheless, so if the app is setup that way, and the SMTP relay
settings are setup to allow relay from the IP, it should work.

You are saying the app is local? On the SBS or a different machine?

Ace

...esount?dtnge,s??

...
es
ount?
d
t
nge
,
s
?
?

Did you allow relay from that additional server's IP?

Did you allow relay from that additional server's IP? Also, I guess we
need to see exactly how the app is providing credentials.

Ace

om...ckagesandfithangece,.wst'soret?ng?rlaowdtSE,

om...
ck
ages
and
fit
hange
ce,
.
ws
t's
or
et?
ng?
r
l
a
ow
d
t
SE
,

How did you set it up to relay from the LAN IPs?

How did you set it up to relay from the LAN IPs?

Have them try and use the account you created for credentials.

Ace

On 12 Feb, 05:24, "Ace Fekay [MVP-DS, MCT]"Oh it is in the ESM Server

On 12 Feb, 05:24, "Ace Fekay [MVP-DS, MCT]"

Oh it is in the ESM Server configuration > Hub Control > Default
Receive Connector > Network.
Where it says Receive mail from remote servers...  I added whole the
LAN IP range in there.
yaro

By default, Exchange 2007 does support relaying of mail for systems

By default, Exchange 2007 does support relaying of mail for systems that
authenticate. To do so, you have to create a separate SMTP Receive
Connector, but that requires an additional IP address, which will cause
problems on SBS because it is a DC. Read the following, please.

Exchange 2007: How to allow relay exceptions | Network ...An SMTP receive
connector is akin to a SMTP virtual server from Exchange 2003 and ... To
allow individual systems to relay mail through your Exchange 2007 ...
http://blogs.techrepublic.com.com/networking/?p=373

How to Allow Anonymous Relay on a Receive Connector: Exchange 2007 ...Jul 2,
2007 ... Ms-Exch-SMTP-Submit. However, to allow anonymous relay on this ...
If Exchange 2007 Service Pack 1 (SP1) is deployed on a computer that is ...
http://technet.microsoft.com/en-us/library/bb232021(EXCHG.80).aspx

Ace

On 16 Feb, 14:35, "Ace Fekay [MVP-DS, MCT]"..y2,....http://technet.microsoft.

On 16 Feb, 14:35, "Ace Fekay [MVP-DS, MCT]"
..
y
2,
..
..http://technet.microsoft.com/en-us/library/bb232021(EXCHG.80).aspx

Thanks again Ace. I found some info on changing the default value of a
property called tarpitinterval. Turned up that modifying this property
makes the system to work pretty well in current configuration.
yaro

That's good to hear. Do you have a link on it to share?ThanksAce

That's good to hear. Do you have a link on it to share?

Thanks

Ace

To add, reading up more on this, it may allow unauthorized relayattempts.

To add, reading up more on this, it may allow unauthorized relay
attempts. This is something I would not be comfortable with setting
even if it resolves the internal app and mailshots requirements. I am
just not comfortable to set something like this that may possibly open
the server up for abuse.

Ace

On 17 Feb, 20:30, Ace Fekay [MVP-DS, MCT]Why do you think it would allow

On 17 Feb, 20:30, Ace Fekay [MVP-DS, MCT]

Why do you think it would allow unauthorized relay? I tested it on
http://verify.abuse.net/cgi-bin/relaytest
and all tests were fine.
yaro

I was not sure. Well, at least it tested clean. :-)Ace

I was not sure. Well, at least it tested clean. :-)

Ace

On 18 Feb, 14:28, "Ace Fekay [MVP-DS, MCT]"OK. Thanks for your help again.yaro

On 18 Feb, 14:28, "Ace Fekay [MVP-DS, MCT]"

OK. Thanks for your help again.
yaro

You are welcome!Ace

You are welcome!

Ace