Event 4007 Warnings -- iis smtp nntp

anonymous NO[at]SPAM discussions.microsoft.com
8/18/2004 7:29:13 PM

I keep getting event 4007 warnings from the smtpsvc. I get
about 20 or so a day. Here is an example of one of the
errors:

"Message delivery to the host '209.142.136.72' failed
while delivering to the remote domain 'freechal.com' for
the following reaons: An SMTP protocol error occurred.
The SMTP verb which caused the error is 'MAIL'. The
response from the remote server is '553 5.3.0 [my mail
server's IP]ERROR:550 You appear to have an open proxy or
trojan horse sending spam."

Instead of the response from the remote mail server being
error 550, most of them just say "Domain of sender address
<some random email address> does not exist."

I think this means that people are using my server as a
relay to send spam mail. Is there any way to stop this or
to at least stop these warnings from popping up all the
time without requiring authentication before accepting the
mail? I'd really would hate to have to explain to all my
users how to turn on the setting for that in their email
clients. Is that the best course of action though? Thanks.

Ken Schaefer
8/19/2004 2:08:01 PM

You should allow unauthenticated relay only for those IP addresses that
reside in your trusted network.

Users who are outside your network (eg "on the road" or at home) should be
required to authenticate -or- use a VPN to tunnel into the external network.

Otherwise, you have no way of knowing which users connecting are legitimate,
and which are using your mail server as a spam relay. Once spammers know
that your machine is an open relay, you'll get blacklisted, and won't be
able to send email out anywhere.

Cheers
Ken

[quoted text, click to view]

iis smtp nntp : Event 4007 Warnings