| Groups | Blog | Home |
iis smtp nntp : setting up SMTP on 2003 server
we have a website directory for people to contact the advertisers and we are using smtp and ASP. there are only 2 pop3's established, each of which are for our company's normal internal use. so a normal web user sees a company advertised on our website and wishes to contact him - he completes a normal form, and sends an email to the company and to us as CC. the server has the following smtp settings. we have a german server, so i hope i have translated these correctly. 1 single IP address on port 25. access -> authentication - anonymous access -> connection control -> everyone EXCEPT a small list of known urls that have already attacked our system access -> relaying -> everyone EXCEPT a small list of known urls that have already attacked our system relaying -> outgoing security -> anonymous relaying -> extended -> our domainname and as our server does not have it's own dns we are using the smarthost of our provider. both checkboxes under the smarthost field are NOT checked. LDAP -> nothing changed - all left unchecked. security -> administrators, network and local services so my question is how can we stop relay attacks, whilst ensuring a normal websuser can still send an email to 1 or multiple advertisers from our site?
On Wed, 3 Aug 2005 03:05:05 -0700, "nudge"
[quoted text, click to view] <nudge@discussions.microsoft.com> wrote: >hi, > >we have a website directory for people to contact the advertisers and we are >using smtp and ASP. > >there are only 2 pop3's established, each of which are for our company's >normal internal use. > >so a normal web user sees a company advertised on our website and wishes to >contact him - he completes a normal form, and sends an email to the company >and to us as CC. > >the server has the following smtp settings. we have a german server, so i >hope i have translated these correctly. > >1 single IP address on port 25. >access -> authentication - anonymous >access -> connection control -> everyone EXCEPT a small list of known urls >that have already attacked our system >access -> relaying -> everyone EXCEPT a small list of known urls that have >already attacked our system >relaying -> outgoing security -> anonymous >relaying -> extended -> our domainname and as our server does not have it's >own dns we are using the smarthost of our provider. >both checkboxes under the smarthost field are NOT checked. >LDAP -> nothing changed - all left unchecked. >security -> administrators, network and local services > >so my question is how can we stop relay attacks, whilst ensuring a normal >websuser can still send an email to 1 or multiple advertisers from our site? Assuming you didn't allow relays, then you're not relaying. Server 2003 has relays off by default. A better option is to close SMTP incoming in your firewall, if all you do is send out from this system.
hi jeff, and thanks for your reply.
i have done some checks and it looks like we are in fact an "open relay". despite this server going live about 2 months ago, we also seem to be listed on the ORDB. due to the nature of our business, we need website users to send emails to our advertisers - therefore i think we need an open relay. i can't see how i can use authentication. do you have any ides about how to make our system more secure? many thanks i have tried [quoted text, click to view] "Jeff Cochran" wrote:
> On Wed, 3 Aug 2005 03:05:05 -0700, "nudge" > <nudge@discussions.microsoft.com> wrote: > > >hi, > > > >we have a website directory for people to contact the advertisers and we are > >using smtp and ASP. > > > >there are only 2 pop3's established, each of which are for our company's > >normal internal use. > > > >so a normal web user sees a company advertised on our website and wishes to > >contact him - he completes a normal form, and sends an email to the company > >and to us as CC. > > > >the server has the following smtp settings. we have a german server, so i > >hope i have translated these correctly. > > > >1 single IP address on port 25. > >access -> authentication - anonymous > >access -> connection control -> everyone EXCEPT a small list of known urls > >that have already attacked our system > >access -> relaying -> everyone EXCEPT a small list of known urls that have > >already attacked our system > >relaying -> outgoing security -> anonymous > >relaying -> extended -> our domainname and as our server does not have it's > >own dns we are using the smarthost of our provider. > >both checkboxes under the smarthost field are NOT checked. > >LDAP -> nothing changed - all left unchecked. > >security -> administrators, network and local services > > > >so my question is how can we stop relay attacks, whilst ensuring a normal > >websuser can still send an email to 1 or multiple advertisers from our site? > > Assuming you didn't allow relays, then you're not relaying. Server > 2003 has relays off by default. A better option is to close SMTP > incoming in your firewall, if all you do is send out from this system. > > Jeff
On Fri, 5 Aug 2005 01:08:02 -0700, "nudge"
[quoted text, click to view] <nudge@discussions.microsoft.com> wrote: >hi jeff, and thanks for your reply. > >i have done some checks and it looks like we are in fact an "open relay". >despite this server going live about 2 months ago, we also seem to be listed >on the ORDB. > >due to the nature of our business, we need website users to send emails to >our advertisers - therefore i think we need an open relay. i can't see how i >can use authentication. You don't need an open relay. You need to allow relaying for your web server, probably by IP address, but no one else. [quoted text, click to view] >do you have any ides about how to make our system more secure? Have you looked at using a firewall? Jeff [quoted text, click to view] >"Jeff Cochran" wrote:
> >> On Wed, 3 Aug 2005 03:05:05 -0700, "nudge" >> <nudge@discussions.microsoft.com> wrote: >> >> >hi, >> > >> >we have a website directory for people to contact the advertisers and we are >> >using smtp and ASP. >> > >> >there are only 2 pop3's established, each of which are for our company's >> >normal internal use. >> > >> >so a normal web user sees a company advertised on our website and wishes to >> >contact him - he completes a normal form, and sends an email to the company >> >and to us as CC. >> > >> >the server has the following smtp settings. we have a german server, so i >> >hope i have translated these correctly. >> > >> >1 single IP address on port 25. >> >access -> authentication - anonymous >> >access -> connection control -> everyone EXCEPT a small list of known urls >> >that have already attacked our system >> >access -> relaying -> everyone EXCEPT a small list of known urls that have >> >already attacked our system >> >relaying -> outgoing security -> anonymous >> >relaying -> extended -> our domainname and as our server does not have it's >> >own dns we are using the smarthost of our provider. >> >both checkboxes under the smarthost field are NOT checked. >> >LDAP -> nothing changed - all left unchecked. >> >security -> administrators, network and local services >> > >> >so my question is how can we stop relay attacks, whilst ensuring a normal >> >websuser can still send an email to 1 or multiple advertisers from our site? >> >> Assuming you didn't allow relays, then you're not relaying. Server >> 2003 has relays off by default. A better option is to close SMTP >> incoming in your firewall, if all you do is send out from this system. >> >> Jeff >>
The settings you listed in your previous message will allow relaying:
[quoted text, click to view] >access -> relaying -> everyone EXCEPT a small list of known urls that have >already attacked our system This should be set to noone except for a list of allowed sites. On Fri, 5 Aug 2005 01:08:02 -0700, "nudge" [quoted text, click to view] <nudge@discussions.microsoft.com> wrote: >hi jeff, and thanks for your reply. > >i have done some checks and it looks like we are in fact an "open relay". >despite this server going live about 2 months ago, we also seem to be listed >on the ORDB. > >due to the nature of our business, we need website users to send emails to >our advertisers - therefore i think we need an open relay. i can't see how i >can use authentication. > >do you have any ides about how to make our system more secure? > >many thanks > PeterD, the Darkstar Network To email, fix my address!
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |