Different Send/Receive Virus Notifications?

Koopmann, Jan-Peter jan-peter at koopmann.eu
Tue Mar 27 23:49:14 CEST 2007


On Tuesday, March 27, 2007 10:21 PM Alex Neuman van der Hans wrote:

> IIRC, Exchange would allow messages that are both ("to your domain"
> **and** "apparently from your domain") without authentication since
> it thinks it's the owner of that domain. 

Incorrect. You can set up Exchange to accept SMTP traffic to your domains but require SMTP auth for all mail that does not go to your domains.

> Example:
> 
> Alice's machine sends a message "from bob at yourdomain.com" and "to
> charlie at yourdomain.com". You spend some time looking at Bob's PC
> while Alice keeps spewing out stuff unknowingly.  

Agreed: If you try to deliver mail to recipients in your own domain, Exchange will in normal setups not require SMTP auth. Yet on the other hand that is not a typical scenario. If a PC is infected it will typically try to deliver mails to everyone in your address book and/or other recipients received from botnets. These would not make it through Exchange if you set up SMTP auth.

And what is the problem if your example really happens? MailScanner will try to deliver mails to nonexistent people on your Exchange. A correctly set up Exchange will simply reject these at RCPT TO time and that's it. No real harm done. And you can have a look at the Exchange logs and spot the IP of the spamming machine right away.

Kind regards,
  JP
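
Added example, not part of the original post: one way to do the log check mentioned above, counting RCPT commands rejected with a 5xx reply per client IP. It assumes the SMTP service logs in W3C extended format with the c-ip, cs-method and sc-status fields enabled; the sample log, addresses and thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample log (RFC 5737 addresses, example.com); not real server output.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2007-03-27 21:40:01 192.0.2.10 MAIL +FROM:<bob@example.com> 250
2007-03-27 21:40:01 192.0.2.10 RCPT +TO:<charlie@example.com> 250
2007-03-27 21:40:02 192.0.2.10 RCPT +TO:<nobody1@example.com> 550
2007-03-27 21:40:02 192.0.2.10 RCPT +TO:<nobody2@example.com> 550
2007-03-27 21:40:03 192.0.2.10 RCPT +TO:<nobody3@example.com> 550
2007-03-27 21:41:10 192.0.2.25 MAIL +FROM:<dave@example.com> 250
2007-03-27 21:41:10 192.0.2.25 RCPT +TO:<alice@example.com> 250
2007-03-27 21:41:11 192.0.2.25 RCPT +TO:<bob@example.com> 250
"""

def parse_w3c(text):
    """Yield one dict per record, using the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip malformed or header-less lines
                yield dict(zip(fields, values))

def rejected_rcpt_by_ip(text):
    """Return {client_ip: (rejected_rcpt, total_rcpt)}."""
    total, rejected = Counter(), Counter()
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() != "RCPT":
            continue
        ip = rec.get("c-ip", "-")
        total[ip] += 1
        if rec.get("sc-status", "").startswith("5"):  # permanent SMTP failure
            rejected[ip] += 1
    return {ip: (rejected[ip], total[ip]) for ip in total}

def suspects(text, min_rejected=3, min_ratio=0.5):
    """Client IPs whose RCPT commands are mostly rejected, worst first."""
    hits = [(ip, rej, tot) for ip, (rej, tot) in rejected_rcpt_by_ip(text).items()
            if rej >= min_rejected and rej / tot >= min_ratio]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for ip, rej, tot in suspects(SAMPLE_LOG):
        print(f"{ip}: {rej} of {tot} RCPT commands rejected")
```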

