restrict SMTP HELO

Our ex2k server is recieving a lot of spam and junk from computers saying
they are ourdomain.com when they HELO .  An example of the command to our
ex2k server would be: helo my.domain.com  .  Exchange then responds with a
250 and then they proceed to send our users tons of junk.  Is there a way to
filter based on what remote computers are heloing us as?  Can an event sink
handle this?

Thanks in advance,
Matt



0
nospam7515 (2084)
6/14/2004 9:36:31 PM
exchange.admin 57650 articles. 2 followers. Follow

4 Replies
455 Views

Similar Articles

[PageSpeed] 39

Yep. See example
http://www.asaris-matrix.com/sweber/playground/downloads/forms/DispForm.aspx?ID=14

Also see
http://spf.pobox.com

matt wrote:

> Our ex2k server is recieving a lot of spam and junk from computers saying
> they are ourdomain.com when they HELO .  An example of the command to our
> ex2k server would be: helo my.domain.com  .  Exchange then responds with a
> 250 and then they proceed to send our users tons of junk.  Is there a way to
> filter based on what remote computers are heloing us as?  Can an event sink
> handle this?
>
> Thanks in advance,
> Matt

--
Help fight spam - designate sending servers for your domain.
http://spf.pobox.com


0
kpalagin1 (1216)
6/15/2004 6:23:31 AM
Hi Kirill,

I took a look at the event sinks from asaris-matrix.  The senderfilter is
the closest to what I'm looking for, but I don't think it's quite right. It
will filter senders based on the sender address' domain, not the domain they
HELO as.  I need a filter that will either flag messages somehow, drop them
or optimally deny sending and drop the connection based on if they HELO as a
particular domain or computer name.  I don't believe the HELO name given is
anything other than voluntary information, but to me if they are HELOing as
my domain they are illegitimate.

I'm going to check out the SPF thing too.

Thanks again,
Matt



"Kirill S. Palagin" <kpalagin@nomail.phxint.please.ru> wrote in message
news:40CE95E3.A9F4B9B1@nomail.phxint.please.ru...
> Yep. See example
>
http://www.asaris-matrix.com/sweber/playground/downloads/forms/DispForm.aspx?ID=14
>
> Also see
> http://spf.pobox.com
>
> matt wrote:
>
> > Our ex2k server is recieving a lot of spam and junk from computers
saying
> > they are ourdomain.com when they HELO .  An example of the command to
our
> > ex2k server would be: helo my.domain.com  .  Exchange then responds with
a
> > 250 and then they proceed to send our users tons of junk.  Is there a
way to
> > filter based on what remote computers are heloing us as?  Can an event
sink
> > handle this?
> >
> > Thanks in advance,
> > Matt
>
> --
> Help fight spam - designate sending servers for your domain.
> http://spf.pobox.com
>
>


0
nospam7515 (2084)
6/15/2004 2:31:51 PM
matt wrote:
>
> I took a look at the event sinks from asaris-matrix.  The
> senderfilter is
> the closest to what I'm looking for, but I don't think it's quite
> right. It
> will filter senders based on the sender address' domain, not the
> domain they
> HELO as.  I need a filter that will either flag messages somehow,
> drop them
> or optimally deny sending and drop the connection based on if they
> HELO as a particular domain or computer name.  I don't believe the
> HELO name given is anything other than voluntary information, but to
> me if they are HELOing as
> my domain they are illegitimate.

The SMTP Event Sinks Kiril mentioned on my site are all transport events.
What you are looking for are protocol events. Those can be done only with
C/C++, Delphi or using the managed wrappers available by Microsoft on MSDN
with C# or VB.NET. I believe there is a "Shields Up" sample in C/C++ and/or
C# included in the Exchange 2000/2003 SDK available on
http://msdn.microsoft.com/exchange . Maybe that'll help you get something up
and running.

-- 
Cheers,

Siegfried Weber

If you want a smart answer, ask a smart question
http://catb.org/~esr/faqs/smart-questions.html

Why tables are bad: http://www.hotdesign.com/seybold/,
http://webdesign.about.com/cs/tables/a/aa020800b.htm

Note: Please do not send any e-mail to my old address
sweber@cdolive.com because I am no longer connected with this
organization.

0
6/16/2004 3:23:36 PM

"Siegfried Weber" <siegfriedcw@notmail.com> wrote in message
news:eDauxO8UEHA.2668@TK2MSFTNGP10.phx.gbl...
> matt wrote:
> >
> > I took a look at the event sinks from asaris-matrix.  The
> > senderfilter is
> > the closest to what I'm looking for, but I don't think it's quite
> > right. It
> > will filter senders based on the sender address' domain, not the
> > domain they
> > HELO as.  I need a filter that will either flag messages somehow,
> > drop them
> > or optimally deny sending and drop the connection based on if they
> > HELO as a particular domain or computer name.  I don't believe the
> > HELO name given is anything other than voluntary information, but to
> > me if they are HELOing as
> > my domain they are illegitimate.
>
> The SMTP Event Sinks Kiril mentioned on my site are all transport events.
> What you are looking for are protocol events. Those can be done only with
> C/C++, Delphi or using the managed wrappers available by Microsoft on MSDN
> with C# or VB.NET. I believe there is a "Shields Up" sample in C/C++
and/or
> C# included in the Exchange 2000/2003 SDK available on
> http://msdn.microsoft.com/exchange . Maybe that'll help you get something
up
> and running.


That may be over my head, but I'll check it out.  Thanks for the reference.

-Matt


0
nospam7515 (2084)
6/17/2004 1:46:34 PM
Reply:

Similar Artilces:

Adding an SMTP contact to a group in AD/GAL
Hello eveyone, I am trying to add a regular contact (a pager with a standard SMTP address to a distribution group in Exchange). When I send an email to the group, I get the following error:The following recipient(s) could not be reached: Primary Pager on 8/2/2005 2:56 PM The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again. <mailserver #5.1.0> How can I add the pager to this group and not have the SMTP issue? We really need to have the pager in place as a fai...

SMTP Backup Exh 2003
Recently had connectivity problems with DSL provider,they do haowever provide a backup dial up service, is there away to setup a backup dialup on to E2K3 server for SMTP? Just a piont in the right direction would be enough, I realise this is very vague question many thanks DT You can configure an SMTP connector with an Higher cost, but the dial-up connection must be established first. More information: "How To Configure the SMTP Connector to Link to Internet Domains in Exchange", http://support.microsoft.com/default.aspx?scid=kb;en-us;319426 -- Blog "subject: exchange...

Restricting Input
Ok, I'm on a roll here. Could someone please tell me how to set up a cell restriction that will only allow data input if another cell is "empty" or has a certain value? Kind of like an IF function, only when "true" exists, I can input any value, and when "false" exists, I must leave it blank. Thanks in advance. Randy, you can accomplish this using data validation. Select: data-validation, then input your restriction. Randy Vieira wrote: > Ok, I'm on a roll here. Could someone please tell me how to set up a cell > restriction that will ...

Restrict calendar?
We are currently looking at moving to Exchange 2003 this year. Our employers are holding off on the purchase due to the fact that there is no way to restrict certain users from even being able to see "Free/Busy" on their calendars. They want it so that a whole Active Directory OU can be set to not have any calendar access to another OU's calendar. Does anyone know if this is possible? This is huge for us so a great big Thank You in advance to those who might have suggestion. sgsundqu wrote: > We are currently looking at moving to Exchange 2003 this year. Our > employe...

Pricing restriction to price lists
Most of our customers do no wish to load all products to MS CRM. Therefore the system restriction to use price lists is too inflexible. In case of opportunities it is even not possible to enter manual prices on product level. ...

Configuring exchange to send a single outgoing smtp message to multiple destination domains (using a smarthost)
Hello all, By default, when an internal user sends an email to multiple external reciepients (from different domains), exchange will create a separate message for each destinations' domain and queue each message for delivery. Essentialy, this means that if for instance you send a marketing email to 500 different domains and the email is about 500KB in size, you are actually transmitting 250 MB through your WAN connection... My thoughts are that since most ISP smarthosts are perfectly capable of performing the separation of a single message destined to multiple domains to multiple messages...

Restrictions
All of a sudden I am no longer able to click on hyperlinks embedded within email and get an error message "THIS OPERATION HAS BEEN CANCELLED DUE TO RESTRICTION IN EFFECT ON THIS COMPUTER. PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR." I haven't knowingly changed anything but some other program may have. How do I get back to normal? See if the articles at http://support.microsoft.com/?kbid=3D310049 and http://support.microsoft.com/?kbid=3D307818 help with this.=20 --=20 Sue Mosher, Outlook MVP Author of Microsoft Outlook Programming - Jumpstart for=20 Administrator...

e2k3 smtp problem
We have a single w2k/ad domain with two exchange server in one exchange organization. We have recently been experiencing problem where the exchange smtp have been monopoliziing the internet bandwidth. There have been no pattern to when it happens but it occurrs a couple times a day for a period of 10-20 minutes. When this happens we shut down the default virtual smtp on the exchange servers and the internet returns to normal. We have a T1 and about 250 users mailboxes. We have checked and verify with MS technician that the exchange servers are not an open relay and we have McAfee ...

settting up a temporary SMTP, while using POP3 Connector
Any help on this will be great. Background: Have SBS2003 with exchange 2003 installed. Our company MX records points to our ISP. The exchange 2003 uses POP3 connector to download users' emails. Our ISP is having problems and emails our arriving a day or a week after. Not all emails though, about 20 percent of them. ISP explanation of problem -- they are bombarded with spam, and emails that are not processed are going into their spooler server. This is where the delay occurs b/c the spooler doesn't send those emails fast enough -- they have problem here. My question: I woul...

Relay
Hi! Think our Ex2003 sp1 has been hijacked. Have about 900 internet smtp connectors in the queues folder. How have they come there and how do I get rid of them. Please help Tomppa Tomppa <Tomppa@discussions.microsoft.com> wrote: >Think our Ex2003 sp1 has been hijacked. Have about 900 internet smtp >connectors in the queues folder. How have they come there and how do I get >rid of them. They may be nothing more than Non-Delivery Reports. If a message is sent to an address that doesn't wxist your server will send a NDR. Spammers don't always use SMTP addresses th...

Restrict DB Access
Is there a way in GP7.5 to restrict a user to only see a single SQL Database/Server when they login to GP? Thanks It's unclear exactly what you want to do. In GP, you can restrict access by user to the company databases via the User Access window. When you set up the ODBC DSN, you are determing which database server the user can access through GP. Additionally, if you happen to have multiple servers, the best way to handle it is to have different user accounts. -- Charles Allen, MVP "JDR" wrote: > Is there a way in GP7.5 to restrict a user to only see a si...

Restricting no. of recipients
Hello, We are using Exchange 5.5 server now and for some reason, we need to restrict the number of recipients that an user can send at once. I tried to find at most of configuration dialogs, but could not find it. Is it possible to enable this function in Exchange 5.5? Or is there a 3rd party tool regarding this? Appreciate it if you can find it or help me. Thanks. Richard You can set this, but it is for the maximum number of recipients in the message before distribution list expansion, so a distribution list counts as one recipient. It is much more accurate in Exchange 2000/2003....

restricting the drop lines to only a single series
I have mutiple-series charts, but would like restric the drop lines only to only one (ususlly the first) plotted data series. However, the drop line option seems to apply to ALL data series and creates an unreadable mess. Is there a way to see only what I want, i.e. the drop lines for a selected series only? z.entropic Hi Z, > I have mutiple-series charts, but would like restric the drop lines only to > only one (ususlly the first) plotted data series. However, the drop line > option seems to apply to ALL data series and creates an unreadable mess. > > Is there a way...

SMTP Relay #3
I've setup two servers. Setup: ------ Server 1: Windows 2000 DC and Exchange 5.5 Server 2: Windows 2003 / BizTalk / WSS , Outlook, etc Problem: --------- When I send an SMTP message <-- email from Server 2 to Server 1 (the destination mail server) - the message never makes it to the mailbox of the user. Now, Exchange 5.5 does not have the SMTP component installed so I installed SMTP from the IIS piece of Add / Remove. Question: --------- When I install Exchange 5.5, can I also install SMTP from IIS 5.0 afterewards or will there be a problem? I ask because I noticed in Ex...

restrict to export records to Excel and restrict to print
Hi, It is a major requirement for us to restrict some users to export Microsoft CRM records to Excel file and to restrict them to print as stated in our implementation policies. Is there a possible workaround for this restriction? Would greatly appreciate for your fedback. Lot of thanks in advance. In v1.2 there is no easy way to do this. v3.0 should enable this via security roles. In thoery, you could do something with javascript that conditionally removed the link, but not sure how reliable it would be as it would need to do a server-based call to determine the security. Matt Parks...

Messaging size restriction bizzare
Hi, I am current using Trend Mico ScanMessage gateway and Exchange 2003. Incoming is going through ScanMessage gateway first and relay to Exchange 2003. I setup "sending message size" as 3900 KB in Global setting and 50000KB as receiving message size. I test it with internal mail and everything is fine accoring sending/receiving size restriction until external email such yahoo. For example, (External email) if I send 3 MB attachment which is fine and but not everything above 3900 KB (bounce: limit or email box is full). It seems Exchange is using sending message size (ov...

smtp connector fails to my ISP's smtp server
I have the smtp connector on my exchange 2003 server set to use a smart host: my ISP's smtp server. Outgoing mail stays in the smtp queue and an error "the remote server did not respond to a connection attempt" appears in the "additional queue information box". The mail stays stuck. - if I remove the smart host, the mail routes ok except for when a receiving server rejects mine because I have a dynamic ip address. Hence I need to get the smart host working. - on the exchange server machine I can send email with outlook express directly to the same smtp server (no...

Text "=SMTP:" appended to email addresses
Not sure if this is a server or an Outlook issue, so please bear with me if in wrong place! I've got one user (Outlook 2007) who is finding that when she replies to an email, the text "=SMTP:" is appended to the front of the destination email address, which renders the email undeliverable. ? Any ideas ? "Baz" <Baz@discussions.microsoft.com> wrote in message news:4E9CC0D5-B7C9-44AF-BFB9-54190CEBA96B@microsoft.com... > Not sure if this is a server or an Outlook issue, so please bear with me if > in wrong place! > > I've got one ...

restricted users
Is there any way to run pub 2002 xp as a restricted user? I want users on a certain machine to be able to user publisher but not install programs or make any system changes, as soon as they lose domain admin though, it barfs pretty hard. When you click on the icon it says it's running the installer package, then it throws a 1722 error saying there is a problem with the package and setup did not finish. The program at this point acually loads, but as soon as I try to do something it throws an error saying I have low memory or the disk is full and it crashes. Soon as I give domain...

Restricted IPs still connecting despite Connection Restrictions
I have gone to System Manager -> Servers -> ServerName -> Protocols -> SMTP -> Default SMTP and setup the following under Access -> Connection Control on my Exchange 2003 SP1 Server. Select which computer's may access this virtual server: Only the listed computers... 1.2.3.0 (255.255.255.0) - Internal IPs AntiSPAM server IP 1 AntiSPAM server IP 2 AntiSPAM server IP 3 AntiSPAM server IP 4 AntiSPAM server IP 5 AntiSPAM server IP 6 AntiSPAM server IP 7 Still I am seeing connections from serveral other servers on the list. I have even accessed my server remotely via te...

Can I restrict the undo function to the current sheet only?
In Word, the undo function applies to the active document only. In Excel, it not only switches sheets, but workbooks as well. Is there a way to restrict the undo function to the active sheet only? I guess I would then want Excel to maintain a separate undo stack for each sheet. At the very least, can I get this at the workbook level? Not with anything built into excel. On 09/23/2010 00:27, Prof Wonmug wrote: > In Word, the undo function applies to the active document only. > > In Excel, it not only switches sheets, but workbooks as well. > > Is there a way to restrict the ...

DL Restriction
I've Exchnage 2003 as my Mail Server and we have created DL's for executives and managers.Now wht is happening is any one can send mail on any DL although we have restricted to receive mails from INDIA Team which has alla the Dl's.Can we restrict executives DL not able to send mails to all the DL's.... ...

restrict users from a fake ids
hi , i have exchange server 2003(sp1) with windows server 2003(sp1) i am getting a problem is that my clients are mailing through fake ids from my domain , my domain is "muet.edu.pk" but the users are able to mail as a hotmail id , how can i restrict them to mail from their own id , not from the hotmail or yahoo ids which is fake . thanks in advance regards ALI. On Fri, 12 Aug 2005 20:54:16 -0700, mohammad ali <mohammadali@discussions.microsoft.com> wrote: >hi , > > i have exchange server 2003(sp1) with windows server 2003(sp1) i am getting >a problem is...

Document restricted
I use the Avery add on for making labels when I am using Word 2007 from within the document itself. I recieve the following error message when I click the finish button when using the Avery program. "The addon method or property is not available because permission for this document is currently restricted" Windows 7 op system and Office Pro. Suite. I can not find how to fix this problem. Why are you not using the integrated label wizard that includes all the Avery labels? -- Terry Farrell - MSWord MVP "Larry H." <Larry H.@discussions.mic...

Message size restrictions
Is it possible to set a limit on the maximum size a message can be that is being sent between 2 users on the same server in Ex 2003? I know you can set limits on the smtp server for messages that go out to the internet but I would like to set a similiar limit on messages that go from one Exchange user to another. Thanks. Bill Unfortunately this is not configurable as you desire. You can set a message size for all users, but not for just specific users. Bob "Bill Uyer" <buyer@dhblattner.com> wrote in message news:%23j%23MaVALFHA.3184@TK2MSFTNGP09.phx.gbl... > Is it po...