grep filters to block open relay

hermit921 hermit921 at yahoo.com
Thu Mar 23 22:44:09 GMT 2006



At 02:33 PM 3/23/2006, John Jolet wrote:

>On Mar 23, 2006, at 4:28 PM, hermit921 wrote:
>
>>My company put in an Exchange server, which got listed as an open
>>relay.  They can't or won't configure Exchange to accept mail only
>>if the recipient address is valid, and they won't put MailScanner
>>in front of Exchange to do that.  Please accept this, don't
>>comment, move on.
>>
>>To block open relay functionality, they put pattern matching into
>>place, so destination email addresses such as the ones used by
>>relay-test.mail-abuse.org are rejected.  I had never heard of this
>>approach before.  It blocks some legitimate email, of course.  Is
>>this a common practice, or even a rare practice?  Any background
>>information is appreciated.
>>
>>hermit921
>I know you can't "fix" the problem....you might mention to them that
>blocking relay REPORTING addresses might keep them off the black
>list, but WON'T stop the spammers looking for open relays...and that
>the legal liability of having that stuff contain THEIR headers is
>significant.  Especially since they've been notified and KNOW they are
>running an open relay.  I would think whoever the compliance officer
>is would want to know about that......
>
>On topic, that method is going to not be common practice as most of
>US would prefer to fix the underlying problem, as opposed to putting
>polarized lenses on it.


They are not blocking reporting addresses, they are blocking email
addresses in the format used to test an open relay.  For instance, to block
user%ibm.com@sun.com they might block anything with a % character followed
by an @ character, with any character allowed in the three other spots.  I
don't know if this example is accurate, but you get the general idea.

hermit921
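
The trade-off discussed in this thread, as an added example that is not part of the original messages or of any Exchange or MailScanner configuration: a shape-based recipient filter compared with accepting mail only for valid recipients. The regular expression, the mailbox list and every sample address except user%ibm.com@sun.com are constructed assumptions.

```python
import re

# Assumption: the complete set of mailboxes the server really hosts.
VALID_RECIPIENTS = {"alice@example.com", "r%d-lab@example.com"}

# Constructed from the post's description: a '%' followed later by an '@',
# with any characters allowed before, between and after them.
RELAY_TEST_SHAPE = re.compile(r"^.+%.+@.+$")


def pattern_accepts(rcpt: str) -> bool:
    """Shape filter: accept unless the address looks like a relay-test address."""
    return RELAY_TEST_SHAPE.match(rcpt) is None


def validity_accepts(rcpt: str) -> bool:
    """Recipient validation: accept only mailboxes that exist on this server."""
    return rcpt.lower() in VALID_RECIPIENTS


# Constructed RCPT TO values; the third is the example address from the post.
SAMPLES = [
    "alice@example.com",       # ordinary hosted mailbox
    "r%d-lab@example.com",     # hosted mailbox whose local part contains '%'
    "user%ibm.com@sun.com",    # percent-hack form used by relay testers
    "someone@elsewhere.test",  # foreign recipient with no special characters
]


def audit(samples):
    """Return (blocked_legit, missed) for the shape filter.

    blocked_legit: valid recipients the shape filter rejects.
    missed: recipients the shape filter accepts although they are not hosted
            here, i.e. mail the server would still be asked to relay.
    """
    blocked_legit = [a for a in samples
                     if validity_accepts(a) and not pattern_accepts(a)]
    missed = [a for a in samples
              if pattern_accepts(a) and not validity_accepts(a)]
    return blocked_legit, missed


if __name__ == "__main__":
    blocked, missed = audit(SAMPLES)
    print("legitimate mail blocked by the shape filter:", blocked)
    print("non-local recipients the shape filter lets through:", missed)
```
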



