Allow only specified e-mail addresses to send mails out.

faraz@chillizone.com -> Allow only specified e-mail addresses to send mails out. (10.Jun.2008 2:01:40 AM)

Hi Everyone,
 
How can I allow my Exchange server to only accept mails from specified e-mail addresses? For example, in company abc.com running Exchange 2003, how can we set only a@abc.com and b@abc.com to send mail through Exchange servers?
 
I hope this method will prevent any spam bot viruses (if one is on any machine in our network) from sending mails through our Exchange server! Please advise.




uemurad -> RE: Allow only specified e-mail addresses to send mails out. (10.Jun.2008 9:23:50 AM)

I'm not clear on the scope of what you want.  Are you saying that a@abc.com and b@abc.com are internal users?  Do you want only those addresses to be able to send messages to the outside world?  Do you also plan to limit internal messages?

Most spam viruses use SMTP engines to broadcast their messages.  You can configure Exchange to accept SMTP only from particular addresses in the internal network.




faraz@chillizone.com -> RE: Allow only specified e-mail addresses to send mails out. (11.Jun.2008 12:27:53 AM)

Hi,

"You can configure Exchange to accept SMTP only from particular addresses in the internal network."

That is what I want, how can I do this?




uemurad -> RE: Allow only specified e-mail addresses to send mails out. (11.Jun.2008 9:28:30 AM)

You didn't answer any of my questions.  What messages are other systems in your network sending SMTP through your Exchange server?  This is called relaying.  You can and should limit (by IP address) which systems are allowed to relay.

Open the System Manager and expand your server, then Protocols and SMTP.  Open the properties of the Default SMTP Virtual Server, go to the Access tab and click Relay.  Select "Only the list below" and enter the IP addresses of the servers you are allowing to relay.  Leaving the list blank prevents all relaying.  Selecting "All but the list below" and leaving the list blank turns your server into an Open Relay - a very bad thing.




Sembee -> RE: Allow only specified e-mail addresses to send mails out. (11.Jun.2008 11:32:53 AM)

Spam bots do not send their email through other hosts. Therefore trying to secure your server against that is a waste of time. BOTS have their own SMTP stack and will try and send email out directly. A rule on the firewall will stop that. Most BOTS are targeted at clueless home users, rather than corporate networks.

http://www.sembee.co.uk/archive/2008/03/13/73.aspx

Simon.




faraz@chillizone.com -> RE: Allow only specified e-mail addresses to send mails out. (12.Jun.2008 2:17:34 AM)

Hi Sembee,
 
This could be the reason, because I have done my best to protect the server itself, but the IP still gets blacklisted again... I think there is a BOT on some machine on my network which is using its own SMTP stack to send mails out... (But if it is the case that the BOT is sending mail through its own SMTP stack, then why is my IP being blacklisted???) Should I create a Windows Firewall rule to block port 25 for outbound? Will it resolve my problem?
 
One more thing: let's assume that a machine on my internal network is sending spam mails through my SMTP server, and I restrict only specified (authenticated) e-mail addresses on my internal network (i.e. a@abc.com and b@abc.com) to send mails out through my SMTP server. Would it resolve my problem? Because, as I understand it, a BOT sends mails out through the SMTP server from some fake e-mail address, so if I restrict only specific users' e-mail addresses on my internal network to use my SMTP server to send mails out, would it resolve my problem? If yes, then how can I do this?




Sembee -> RE: Allow only specified e-mail addresses to send mails out. (12.Jun.2008 6:55:37 AM)

For Exchange to work correctly you do not need any relay settings at all set. Therefore you can turn them all off.
However due to the way that BOTs work I can almost guarantee that the messages are not being sent through your server. Obviously if you have a user doing a manual spam exercise then you have bigger problems to worry about.

You need to set the rule on the firewall between your users and the internet. If you are routing all traffic through the Exchange server - so the Exchange server is the default gateway for the clients instead of a router, then you may well struggle to set that kind of rule while allowing for traffic to flow correctly. However I wouldn't recommend using a Windows server as a default gateway unless it is an ISA server built for the task.

Simon.
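
The thread's conclusion is that a bot sends directly on port 25 rather than through Exchange, so the firewall log is where the sending machine shows up. The script below is an added example, not part of the original thread: it lists internal hosts other than the mail server that try to reach external hosts on TCP/25. The key=value log format, the 192.168.10.0/24 range and the server address 192.168.10.5 are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): internal range and Exchange server address.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
ALLOWED_SENDERS = {ipaddress.ip_address("192.168.10.5")}

# Constructed sample firewall log lines in an assumed key=value format.
SAMPLE_LOG = """\
2008-06-12T02:10:01 action=allow proto=tcp src=192.168.10.5 dst=203.0.113.20 dport=25
2008-06-12T02:10:03 action=allow proto=tcp src=192.168.10.47 dst=198.51.100.7 dport=25
2008-06-12T02:10:03 action=allow proto=tcp src=192.168.10.47 dst=198.51.100.99 dport=25
2008-06-12T02:10:04 action=allow proto=tcp src=192.168.10.47 dst=203.0.113.61 dport=25
2008-06-12T02:10:05 action=allow proto=tcp src=192.168.10.12 dst=203.0.113.80 dport=443
2008-06-12T02:10:06 action=allow proto=tcp src=192.168.10.12 dst=192.168.10.5 dport=25
2008-06-12T02:10:07 action=deny proto=tcp src=192.168.10.33 dst=198.51.100.7 dport=25
malformed line without fields
"""

def parse_line(line):
    """Return the fields needed for the check, or None if the line is unusable."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    try:
        return {
            "proto": fields["proto"],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except (KeyError, ValueError):
        return None

def direct_smtp_senders(log_text):
    """Map internal host -> set of external destinations it contacted on TCP/25."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != 25:
            continue
        if rec["src"] not in INTERNAL_NET or rec["src"] in ALLOWED_SENDERS:
            continue  # not an internal client, or the mail server itself
        if rec["dst"] in INTERNAL_NET:
            continue  # client submitting mail to the internal server
        hits[str(rec["src"])].add(str(rec["dst"]))  # allowed or denied, both count
    return dict(hits)

if __name__ == "__main__":
    for host, dests in sorted(direct_smtp_senders(SAMPLE_LOG).items()):
        print(f"{host}: {len(dests)} external SMTP destination(s)")
```

Denied attempts are counted as well, so the check keeps identifying the affected host after an outbound port 25 block is in place.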



