grep filters to block open relay
hermit921 at yahoo.com
Thu Mar 23 22:44:09 GMT 2006
At 02:33 PM 3/23/2006, John Jolet wrote:
>On Mar 23, 2006, at 4:28 PM, hermit921 wrote:
>>My company put in an Exchange server, which got listed as an open
>>relay. They can't or won't configure Exchange to accept mail only
>>if the recipient address is valid, and they won't put MailScanner
>>in front of Exchange to do that. Please accept this, don't
>>comment, move on.
>>To block open relay functionality, they put pattern matching into
>>place, so destination email addresses such as the ones used by
>>relay-test.mail-abuse.org are rejected. I had never heard of this
>>approach before. It blocks some legitimate email, of course. Is
>>this a common practice, or even a rare practice? Any background
>>information is appreciated.
>I know you can't "fix" the problem....you might mention to them that
>blocking relay REPORTING addresses might keep them off the black
>list, but WON'T stop the spammers looking for open relays...and that
>the legal liability of having that stuff contain THEIR headers is
>significant. especially since the've been notified and KNOW they are
>running an open relay. I would think whoever the compliance officer
>is would want to know about that......
>on topic, that method is going to not be common practice as most of
>US would prefer to fix the underlying problem, as opposed to putting
>polarized lenses on it.
They are not blocking reporting addresses, they are blocking email
addresses in the format used to test an open relay. For instance, to block
user%ibm.com at sun.com they might block anything with a % character followed
by an @ character, with any character allowed in the three other spots. I
don't know if this example is accurate, but you get the general idea.
More information about the MailScanner