Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: mark_s_tt on August 11, 2006, 05:30:18 PM
-
It seems SME Server will relay to any domain out of the box if the smtp connection was initiated from any machine on the local network.
ie, if you telnet into the server and:
helo spammer.com
mail from: bob@spammer.com
rcpt to: jim@spammersmate.com
data
from: bob
date: 11 Aug 2006
hello
.
SME Server will try and relay the message. This means a virus or trojan on your internal network could relay mail in this way.
Is there an easy way to stop this?
Thanks
-
mark_s_tt
> This means a virus or trojan on your internal network could relay mail in this way.
This is one of the resons that sme server has a smtp proxy, ie to stop virii from propagating.
virus infections on a LAN workstation will not know to use a site specific smtp server ie the sme smtp proxy server. The virus will usually create it's own smtp server in software and try sending direct to the Internet and it will be unsuccessful as it needs to send via the sme smtp proxy. See the release notes for sme 6 & 7.
-
Ray
We use SME Server as a spam filter for our Exchange Server which is set up in the server manager as a delegate, so it's just cleaning incomming mail and forwarding it on the Exchange.
The alarm bells rang when I saw loads of external recipients in the mail logs, which meant SME Server was relaying mail from somewhere on our internal network to external addresses.
Of course it was, it was relaying undeliverables from our Exchange server back to the origonal sender. Something it couldn't do without the SMTP proxy I suppose.
Should have known better than to thwart this mighty peice of software.
Thanks for the response.