Re: Firewall suggestion?

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 09/17/03


Date: Wed, 17 Sep 2003 16:28:09 GMT

On Wed, 17 Sep 2003 08:36:35 -0700, Michael Gallo spoketh

>I have a customer that is using Exchange 5.5 behind a simple firewall.
>Twice this month people outside the network have crashed the Exchange
>server by trying to use it as a Spam relay. I have relay turned off,
>but the non-delivery reports are queueing up and eat all the space
>until the server drops. I cannot turn off the non-delivery reports.
>What I am looking for is a mail filtering firewall that will look at
>any mail coming in, and just dump anything that is not destined for a
>mail address at the customer's domain name. Any suggestions?
>It is a small network - 14 users.
>Mike Gallo

Use a Linux-based mail relay server. Simply set up a Linux box with
Sendmail (or any other MTA) to be the main incoming mail server. It will
reject any mail for any domain name or user name not explicitly allowed
by the server and deal with the NDRs quite nicely. Then have it forward
all _legit_ mail to the Exchange box.

There's a downside to this: You'll need two e-mail addresses for every
person on the Exchange box, i.e. lars@yourcompany.com and
lars@exchange.yourcompany.com. The former is the default address, and
the second allows for the forwards from the sendmail box. You'll also
need to keep two lists of all the e-mail addresses; one on the Exchange
box and one on the Linux box. With only 14 people, this can easily be
done manually... If you have more names, you may want to look into
making a script that'll parse through the exported directory from the
Exchange box, and have it output the "alias" file for the Linux box.

As for a firewall solution, there's only one firewall that I know of that
has an SMTP proxy where you can specify the acceptable domain name(s),
and that's Symantec Enterprise Firewall. A 25 user license (technically,
25 internal IP addresses) will set you back about $1200, plus the cost of
a decent computer (another $1500). If the SMTP proxy is configured
correctly, the firewall will take care of dropping connections where the
destination domain name does not match the allowed domain name(s).

Lars M. Hansen
www.hansenonline.net
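
The alias-generation script suggested in the reply above, sketched as an added example that is not part of the original post. It assumes the Exchange directory is exported as CSV with an `SMTP address` column (a hypothetical column name) and emits sendmail-style alias lines, skipping any entry outside the public domain or with characters that could turn an alias target into a pipe or file delivery.

```python
import csv
import io
import re

# Conservative local-part pattern: no spaces, quotes, '|', '/', ':' or commas,
# so an exported entry can never turn the alias target into a pipe, file or
# :include: delivery.
LOCAL_PART = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


def build_aliases(export_csv, public_domain, internal_domain, column="SMTP address"):
    """Return (alias_lines, rejected) for an exported address list.

    Each accepted user@public_domain becomes 'user: user@internal_domain'.
    The column name is an assumption about the export format.
    """
    aliases, rejected = {}, []
    for row in csv.DictReader(io.StringIO(export_csv)):
        address = (row.get(column) or "").strip().lower()
        local, _, domain = address.rpartition("@")
        if domain != public_domain.lower() or not LOCAL_PART.fullmatch(local):
            rejected.append(address)
            continue
        # Keyed by local part, so case-only duplicates collapse to one alias.
        aliases[local] = f"{local}: {local}@{internal_domain}"
    return [aliases[key] for key in sorted(aliases)], rejected


# Constructed sample export; names and columns are illustrative only.
SAMPLE_EXPORT = """Display name,SMTP address
Lars Hansen,lars@yourcompany.com
Mike Gallo,Mike.Gallo@yourcompany.com
Old Contact,someone@elsewhere.example
Bad Entry,|/bin/sh@yourcompany.com
Duplicate,LARS@yourcompany.com
"""

if __name__ == "__main__":
    lines, skipped = build_aliases(
        SAMPLE_EXPORT, "yourcompany.com", "exchange.yourcompany.com"
    )
    print("\n".join(lines))
    for address in skipped:
        print(f"# skipped: {address!r}")
```

The generated lines go into the relay's aliases file, after which `newaliases` rebuilds the alias database; the skipped list is worth reviewing by hand before each update.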


