Free tools to reject unwanted mail at the SMTP level

From: Memet Anwar (memet_at_AIG-LIPPO.COM)
Date: 02/18/04

    Date:         Wed, 18 Feb 2004 16:02:14 +0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hi list,

    I don't agree with people who chose to disable NDR to prevent
    unnecessary load on their Exchange server when receiving mail destined
    to unknown users. The main reason for me (aside from violating the RFC)
    is that this method has an impact on legitimate end-users: for example,
    they wouldn't receive a notification when they misspelled one of your
    internal users' mail addresses.

    Now, as summarised by DarrylJR@, there are other alternatives besides
    disabling NDR. I prefer the one that uses our SMTP server to abort the
    SMTP session by sending 550 back to the connecting client. But since
    Exchange 5.5/2000 (don't know about 2003) doesn't have this option, we
    must use 3rd party software/add-ins to implement this.

    For this purpose, I have two free tools that might be useful. One is a
    front-end SMTP proxy (useful for Exchange 5.5) and the other is a
    protocol event sink for MS SMTP Service (for Exchange 2000). AFAIR, both
    of these methods were also mentioned in DarrylJR@'s post last week.

    Interested people may download the tools from my site at
    http://www.freewebs.com/mmta/software.htm. Search for IDRSMTPProxy and
    ExUserFilter from there.

    Please excuse that the site is subject to a monthly bandwidth quota
    (sorry, can't find other free web hosting without ads), so if you find
    it to be no longer available, feel free to mail me and I'll send the
    tool to you by mail.

    Thanks,

    Memet

    -----
    NTBugtraq Editor's Note:

    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whoever is responsible for your AV, or at least that the idea is considered.
    -----
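
The approach the message prefers, answering an unknown recipient with 550 during the SMTP session instead of accepting the mail and generating an NDR afterwards, shown as an added Python example; it is not the code of IDRSMTPProxy or ExUserFilter. The domain, the addresses and the names `RcptFilter` and `run_session` are constructed for illustration, and case-insensitive local parts are an assumption.

```python
import re

# Constructed sample data. A real front-end proxy or event sink would query
# the mail system's directory instead of a hard-coded set.
LOCAL_DOMAINS = {"example.com"}
KNOWN_RECIPIENTS = {"alice@example.com", "bob@example.com"}
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>@\s]+)@([^<>@\s]+)>", re.IGNORECASE)


class RcptFilter:
    """Per-session state: decides each RCPT TO before any message data is sent."""

    def __init__(self):
        self.sender_seen = False
        self.accepted = []

    def handle(self, line):
        verb = line.strip().upper()
        if verb.startswith("MAIL FROM:"):
            self.sender_seen, self.accepted = True, []
            return "250 2.1.0 Sender OK"
        if verb.startswith("RCPT TO:"):
            return self._rcpt(line.strip())
        if verb == "DATA":
            if not self.accepted:  # every RCPT was refused: nothing to deliver
                return "554 5.5.1 No valid recipients"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "502 5.5.1 Command not handled in this example"

    def _rcpt(self, line):
        if not self.sender_seen:
            return "503 5.5.1 Need MAIL before RCPT"
        m = RCPT_RE.match(line)
        if not m:
            return "501 5.1.3 Bad recipient address syntax"
        # Assumption: local parts compare case-insensitively.
        local, domain = m.group(1).lower(), m.group(2).lower()
        if domain not in LOCAL_DOMAINS:
            return "550 5.7.1 Relaying denied"
        addr = f"{local}@{domain}"
        if addr not in KNOWN_RECIPIENTS:
            # Refused in-session: the connecting client owns the bounce, so
            # this server never sends an NDR to a possibly spoofed sender.
            return "550 5.1.1 User unknown"
        self.accepted.append(addr)
        return "250 2.1.5 Recipient OK"


def run_session(lines):
    session = RcptFilter()
    return [session.handle(line) for line in lines]
```

A legitimate sender who mistypes an address still gets a failure notice, generated by their own mail server from the 550 reply.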

