To continue reading for free, register below or login
To read more you must become a member of SearchExchange.com
VIEW MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A.
In answer to your first question, there is nothing that you need to do on an Exchange Server 2003 to stop spammers from relaying. Exchange Server 2003 is a closed relay. The response you referenced was pointing out that in order to support POP and IMAP clients, relaying must be allowed. Then anyone that can authenticate against the domain/forest can send mail using SMTP. Relaying has taken on a very negative connotation because of SPAM but people forget that relaying is what SMTP was built to do.
Now, regarding your second question, you bring up a very good point. All users must authenticate when sending e-mail. And retrieving e-mail for that matter. Again, there is good news for you here. Integrated Windows Authentication (NTLM V2 or KERB) is utilized by default in Exchange. So your POP/IMAP users may not be prompted for a username and password, as Exchange can derive the user's credentials from the user's security context. So, just because they are not prompted doesn't mean they are not being authenticated.
If the user's mail client doesn't support NTLM or KERB, then it is most likely going to try to use Basic authentication (clear text). This is also supported by default on the SMTP virtual server for Exchange Server 2003. In this case, the user will be prompted unless the client is manually configured to store the username and password for future use. In which case, again, you will not be prompted for a username and password.
MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A:
I am using Exchange 2003 on a Small Business Server (SBS). My company's Web site is SunBeam Generator. Some domain e-mail gets returned, like the following one:
Your message did not reach some or all of the intended recipients.
Subject: PO Monarc 052
Sent: 4/18/2006 10:55 AM
The following recipient(s) could not be reached:
'monarch@blr.vsnl.net.in' on 4/18/2006 3:12 PM
You do not have permission to send to this recipient. For assistance, contact your
system administrator.
<sunbeampower.com #5.7.1 smtp;530 5.7.1 http://dsbl.org/listing?219.64.179.119:
monarch@blr.vsnl.net.in>
What do I have to do and how do I authenticate SMTP?
—Arun S.
******************************************
The reason your server did not send to the specific address in your example is that the recipient's domain is blocked by DSBL.ORG. Your e-mail server or gateway filter is probably configured to check this list prior to sending e-mail. The NDR states this:
"http://dsbl.org/listing?219.64.179.119: monarch@blr.vsnl.net.in'
There are other reasons why this error could be generated but, in this case, I think it is most likely a blocked domain. For more information on this error, you should read Dave Sengupta's discussion thread related to firewalls causing the error.
In addition to the suggestions in that discussion thread, spam filters not allowing the country code DNS domain ".in" (and other country codes) could cause this error. If you find that all or most of the recipients that are being bounced back have e-mail addresses with two-digit country code domains, then that is a very likely culprit.
I have also seen remote systems generate these non-delivery reports (NDRs) when they don't like certain attachments coming through, so pay close attention to the system generating the NDR.
—Richard Luckett, Spam and Security Expert
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
Tip:
Cross-Forest SMTP Authentication
Tip: Many ISPs now blocking port 25
Resource Center: SMTP tips and resources
|
