grep filters to block open relay

Stephen Swaney steve.swaney at
Fri Mar 24 02:27:52 GMT 2006

> -----Original Message-----
> From: mailscanner-bounces at [mailto:mailscanner-
> bounces at] On Behalf Of Kai Schaetzl
> Sent: Thursday, March 23, 2006 7:31 PM
> To: mailscanner at
> Subject: Re: grep filters to block open relay
> Hermit921 wrote on Thu, 23 Mar 2006 14:28:23 -0800:
> > They can't or won't configure Exchange to accept mail only if the
> > recipient address is valid
> AFAIK, Exchange *can* be configured to not be an open relay.
> > at
> The relay tests don't work this way. They will try to send email with some
> tricks to addresses that are not on your machine. This includes tricks
> like the above. But accepting and dropping such a mail will possibly not
> get you on such a list. Only if that mail is received in their spamtrap
> then you qualify as an open relay, just accepting and not forwarding it is
> fine.
> Kai

Actually Exchange before Exchange 2003 cannot be configured to reject email
for unknown users :(

The default install of Exchange 2003 also accepts email for unknown users
and then sends a:

"Sorry, I'm so brain dead that I'll accept email for any address at this
domain but the user you tried to send email to, Viagra at,
doesn't have an account on this server so I'm sending you this useless
message that will sit in my outbound queue for 5 days wasting my resources,
because the address I'm trying to send to is bogus and won't accept the

Message back to the sender of the dictionary attack. It's not even easy to
find out how to configure Exchange 2003 to correctly reject email for
unknown users. That why we put "Milter-ahead and Exchange settings" on our
web site:

I'm not a Microsoft Exchange hater. A lot of companies use it for the very
good reason it does a lot of things very well; if you have the money and
resources to run it. The last firm I consulted for had +100 Exchange servers
and an entire 22,000 sq. ft. floor of MS Exchange administrators.

But I would never connect an Exchange server directly to the Internet. I
came to start FSL after many years of consulting with large Wall Street
Investment houses and I can assure you that:

1. Most Wall Street firms use Exchange
2. None of their Exchange servers are directly connected to the Internet
3. They all behind Unix/Linux gateways

There is a reason for this. These firms have a lot of money to protect and
most of their administrators are pretty good, pretty smart people :)

<End rant>



Stephen Swaney
Fort Systems Ltd.
stephen.swaney at

More information about the MailScanner mailing list