Home
Topics
Microsoft Exchange Server Administration
Email Protocols
What are the major security issues involved with SMTP relay?

What are the major security issues involved with SMTP relay?

Regarding SMTP relay: I have received many requests for allowing additional machines to perform SMTP relay using the data center's MS Exchange SMTP server. I am concerned about security, as some of these requested machines are not within our data center. What are some of the major security issues and what can I do about them?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Allowing a machine to relay SMTP messages means that your SMTP Server will accept messages from that machine that are not intended for the SMTP Server's domain(s) and that your SMTP Server will forward the message to the SMTP Server responsible for accepting incoming messages for the recipient's domain.

In a perfect world, you should have authority and control over all systems that are relaying messages through your SMTP Server. Without this direct control, your only means of controlling them is by configuring an SMTP connector or by configuring the default SMTP virtual server with restrictive settings for inbound and outbound messages.

Remember, relaying means that an SMTP client can use an SMTP server to forward e-mail messages to a remote (in other words, non-local) domain. Relaying itself is not inherently bad, because SMTP was designed for this purpose (see, e.g., sections 2.1 and 3.7 of Remote Function Call (RFC) 2821).

However, if relaying is not controlled, a malicious user might use it to send bulk spam or UCE (unsolicited commercial e-mail). This ties up resources on the relay host, which could prevent it from sending e-mail messages. In other words, the security risk is a denial of service against your SMTP server.

I would look into using SMTP authentication, restricting which hosts can relay and tightening your SMTP virtual server/connector restrictions. Alternatively, you might just have the folks who need SMTP services set up their own IIS SMTP server. It's quick, easy and free.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in January 2003

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Windows Server
Enterprise Desktop
Cloud computing
SQL Server
Windows IT

Windows Server
- Microsoft delivers patch updates for Windows Server 2012, Windows 8
  
  Microsoft delivered two critical and eight important bulletins in May's Patch Tuesday release, fixing issues in Windows Server 2012 and Office apps.
- Windows Azure Active Directory steps out of the shadows
  
  As Windows Azure Active Directory moves into general availability, we look at how it can help admins manage user authentication in the cloud.
- Steps to read XML files with PowerShell
  
  Wondering how to get PowerShell to read XML files? Our expert explains a few methods you could use.
Enterprise Desktop
- New Office 2013 features can help IT pros as much as end users
  
  New features in Microsoft Office 2013 make desktop management more efficient. See what Office Web Apps Server, Office Telemetry and more can do.
- How to remove a Windows.old folder
  
  Deleting a Windows.old folder seems simple, but it isn't. Our expert explains why Windows Desk Cleanup won't work.
- Finding a prescription for desktop security management at Sharp HealthCare
  
  Desktop security policy must cover the use of mobile devices and the cloud. Sharp HealthCare uses a mix of software for desktop security management.
Cloud computing
- Interest in private clouds grows as market matures
  
  Growing interest in private clouds reflects an improved understanding of cloud computing among IT pros, experts say.
- Building a cloud ecosystem with open source software
  
  The open source community fosters innovation in the name of cloud. OW2's Cédric Thomas talks of 'coopitition' and the open source cloud revolution.
- Sequestration stymies federal government cloud ambitions
  
  The federal government is under mandates to consolidate data centers and deliver IT as a Service, but sequestration makes this easier said than done.
SQL Server
- Database index design and optimization: Some guidelines
  
  What are the latest tips and tricks for database design and optimization? Check out this tip from Basit Farooq to learn more.
- Adam Machanic talks SQL Saturday
  
  We caught up with Adam Machanic, group leader of the New England SQL Server user group, at SQL Saturday Boston. Find out what he shared with us.
- SQL Server meets database application security
  
  Make sure your SQL Server is secure by studying these general guidelines for secure database applications from SQL Server expert Roman Rehak.
Windows IT
- How to advance your cloud skills and get ahead of the gap
  
  There may be a growing shortage of IT pros with cloud skills, but you can take action now and become a valuable asset with the right skills.
- Prepare for a SharePoint 2013 upgrade with five tips
  
  Considering an upgrade to SharePoint 2013? Find out the answers to the most common questions IT pros will ask before making the jump.
- Prioritize your IT tasks and finally conquer your to-do list
  
  It's easy to feel overwhelmed by a growing to-do list of IT tasks, but there are easy ways you can decide what to tackle first and what can wait.

All Rights Reserved,Copyright - 2013, TechTarget