Quick Sendmail access question (fwd)

Vlad Mazek vlad at MAZEK.COM
Fri Feb 25 01:05:02 GMT 2005


Those are all valid, but are probably not what you want to include in
the valid inbound SMTP recipients. An LDAP query will return addresses from
built-in system accounts, public folders, event config, address books
and other lists, all of which are valid for internal routing within AD.

For the most part, you should only allow mail for VALID smtp recipients,
usually entries like this:
proxyAddresses: smtp:TEST at domain1.com
proxyAddresses: SMTP:TEST at domain2.com

Pay attention to the case; the SMTP (upper-case) is for the default
email address, smtp (lower-case) is for aliases under the same account.
Please remember to strip all known distribution lists from results as
well - opening access to these from the outside through an authenticated
box could make you a wonderful gateway for spam.

-Vlad
ExchangeDefender.com

>
>I've downloaded this (getadsmtp.pl) and have got it running against our AD
>servers (AD/Exchange 2003).  It seems to work as designed and gets all the
>possible addresses I expect to see.
>
>But I also get entries like:
>
>1d9116 at example.com OK
>_1d9116 at example.com OK
>(lots of these...)
>
>and
>OfflineAddressBook-/o=MYDOMAIN/cn=addrlists/cn=oabs/cn=DefaultOf at example.com
>OK
>
>and
>SystemMailbox{24E423AC-A08C-45E8-A40A-7BC7F31278C3}@example.com OK
>
>
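The filtering described in the message above, as an added example that is not part of the original post and is not getadsmtp.pl's code: it keeps only `smtp:`/`SMTP:` proxyAddresses values, drops distribution lists and the system entries seen in the quoted output, and emits `address OK` lines. The entry data, the `group` class test, the local-part patterns and all function names are assumptions of this example.

```python
import re

# Constructed sample data shaped like LDAP results (attribute -> list of values).
USER = ["top", "person", "organizationalPerson", "user"]
SAMPLE_ENTRIES = [
    {"objectClass": USER,
     "proxyAddresses": ["SMTP:TEST@domain2.com", "smtp:TEST@domain1.com",
                        "X400:c=US;a= ;p=MYDOMAIN;o=Exchange;s=Test;"]},
    {"objectClass": ["top", "group"],            # distribution list
     "proxyAddresses": ["SMTP:all-staff@domain1.com"]},
    {"objectClass": USER,                        # placeholder GUID, not a real one
     "proxyAddresses": ["SMTP:SystemMailbox{00000000-0000-0000-0000-000000000000}@domain1.com"]},
    {"objectClass": ["top"],
     "proxyAddresses": ["SMTP:OfflineAddressBook-placeholder@domain1.com"]},
    {"objectClass": USER,
     "proxyAddresses": ["SMTP:jane@domain1.com", "smtp:test@DOMAIN1.com"]},
]

# Assumptions of this example: distribution lists appear as objectClass "group",
# and system entries are recognised by the local-part prefixes seen in the thread.
EXCLUDED_CLASSES = {"group"}
SYSTEM_LOCALPART = re.compile(r"^(systemmailbox\{|offlineaddressbook-)", re.IGNORECASE)
ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+$")

def classify(entries):
    """Map each accepted address (lower-cased) to 'primary' or 'alias'."""
    accepted = {}
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectClass", [])}
        if classes & EXCLUDED_CLASSES:
            continue  # never expose distribution lists to outside senders
        for value in entry.get("proxyAddresses", []):
            prefix, sep, addr = value.partition(":")
            if not sep or prefix.lower() != "smtp" or not ADDRESS.match(addr):
                continue  # X400/X500 and malformed values are not SMTP recipients
            if SYSTEM_LOCALPART.match(addr):
                continue  # system mailbox / offline address book entries
            kind = "primary" if prefix == "SMTP" else "alias"
            addr = addr.lower()
            if accepted.get(addr) != "primary":
                accepted[addr] = kind
    return accepted

def access_lines(entries):
    """Render 'address OK' lines, sorted and de-duplicated."""
    return [f"{addr} OK" for addr in sorted(classify(entries))]

if __name__ == "__main__":
    print("\n".join(access_lines(SAMPLE_ENTRIES)))
```
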
