Quick Sendmail access question

Vlad Mazek vlad at MAZEK.COM
Thu Feb 24 14:12:25 GMT 2005



I guess I'll drop my 2 cents in here since protecting Exchange users (or
protecting users from Exchange) is my business.

First of all, Exchange is designed by default to send non-delivery
reports back to the sender; this is something you should disable
outright because it is used to bounce spam messages off addresses
spammers know don't exist. You get a rather legitimate-looking error and
then the rest of your spam message inlined. Brilliant! To disable this
behavior, open your Exchange System Manager, expand Global Settings,
Internet Message Format, right-click on the Default and select
Properties. Under the Advanced tab, uncheck "Allow non-delivery reports".

As far as milter-ahead, etc., it's a humongous waste of bandwidth, even in
the largest of the enterprises. Get a listing of valid recipients from
an Exchange admin and program it into your access file; here is how we
do it:

ldifde -f C:\listing.ldf -s HOSTNAME -d "dc=DOMAIN,dc=TLD" -p subtree -r "(objectClass=user)" -l "cn,proxyaddresses"

Substitute the hostname, domain, and tld for whatever the name of the
actual Exchange box is. You'll get a listing of valid email addresses.
Parse the file for valid SMTP users and program them into the file like
this:

To:vlad@mazek.com    RELAY
To:spam@mazek.com    RELAY
To:mazek.com         550 REJECT Give some random error here.

If you would like a more evil way of dealing with Exchange and NDR
flooding, check this out.


There is no reason why you can't use your mail system for more evil;
check this out: http://www.exchangedefender.com/adaptiverbl.asp - Now
you may argue that it's wrong to be evil with a mail system... but if
you're running Exchange already you don't have much of an argument.

-Vlad
ExchangeDefender.com



> In our experience, it saves you in dictionary attacks. I believe it
> watches for things like Exchange dying.
> You can build a list of valid recipients, but it is much more work than
> installing milter-ahead.
>
> But only Exchange 2k3 will reject addresses that don't exist, and even
> then it isn't enabled by default (heaven only knows why not!)
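
The "parse the file for valid SMTP users" step from the message above, as an added example that is not part of the original post: it reads an ldifde export, handles folded and base64-encoded proxyAddresses values, drops anything that is not a clean SMTP address, and emits access-file lines in the To:/RELAY form shown in the message. The function names, the example.com sample data and the "550 User unknown" text are assumptions made for the illustration.

```python
import base64
import re

# Conservative addr-spec check: keeps whitespace and control characters out of the access map.
ADDR_RE = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def smtp_addresses(ldif_text):
    """Return the sorted, de-duplicated SMTP proxy addresses in an ldifde export."""
    found = set()
    for line in unfold(ldif_text):
        name, sep, value = line.partition(":")
        if not sep or name.lower() != "proxyaddresses":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form used for non-plain values
            try:
                value = base64.b64decode(value[1:].strip(), validate=True).decode("utf-8")
            except ValueError:
                continue
        kind, _, addr = value.strip().partition(":")
        if kind.lower() == "smtp" and ADDR_RE.fullmatch(addr):  # skips X400 etc.
            found.add(addr.lower())
    return sorted(found)

def access_entries(ldif_text, reject_text="550 User unknown"):
    """One RELAY line per valid recipient, then a reject line per domain."""
    addrs = smtp_addresses(ldif_text)
    domains = sorted({a.split("@", 1)[1] for a in addrs})
    return [f"To:{a}\tRELAY" for a in addrs] + [f"To:{d}\t{reject_text}" for d in domains]

# Constructed sample export (example.com is a placeholder domain).
SAMPLE_LDIF = (
    "dn: CN=Vlad,CN=Users,DC=example,DC=com\n"
    "cn: Vlad\n"
    "proxyAddresses: SMTP:vlad@example.com\n"
    "proxyAddresses: smtp:postmaster@exam\n ple.com\n"
    "proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Vlad;\n"
    "proxyAddresses:: " + base64.b64encode(b"smtp:Sales@Example.com").decode() + "\n"
    "proxyAddresses: smtp:bad user@example.com\n"
)
```

Write the returned lines to the access file and rebuild the map the way you normally do after editing it.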
