restrict SMTP HELO

Our ex2k server is receiving a lot of spam and junk from computers saying
they are ourdomain.com when they HELO.  An example of the command to our
ex2k server would be: helo my.domain.com  .  Exchange then responds with a
250 and then they proceed to send our users tons of junk.  Is there a way to
filter based on what remote computers are heloing us as?  Can an event sink
handle this?

Thanks in advance,
Matt



0
nospam7515 (2084)
6/14/2004 9:36:31 PM
exchange.admin

Yep. See example
http://www.asaris-matrix.com/sweber/playground/downloads/forms/DispForm.aspx?ID=14

Also see
http://spf.pobox.com

matt wrote:

> Our ex2k server is receiving a lot of spam and junk from computers saying
> they are ourdomain.com when they HELO.  An example of the command to our
> ex2k server would be: helo my.domain.com  .  Exchange then responds with a
> 250 and then they proceed to send our users tons of junk.  Is there a way to
> filter based on what remote computers are heloing us as?  Can an event sink
> handle this?
>
> Thanks in advance,
> Matt

--
Help fight spam - designate sending servers for your domain.
http://spf.pobox.com


0
kpalagin1 (1216)
6/15/2004 6:23:31 AM
Hi Kirill,

I took a look at the event sinks from asaris-matrix.  The senderfilter is
the closest to what I'm looking for, but I don't think it's quite right. It
will filter senders based on the sender address' domain, not the domain they
HELO as.  I need a filter that will either flag messages somehow, drop them
or optimally deny sending and drop the connection based on if they HELO as a
particular domain or computer name.  I don't believe the HELO name given is
anything other than voluntary information, but to me if they are HELOing as
my domain they are illegitimate.

I'm going to check out the SPF thing too.

Thanks again,
Matt



"Kirill S. Palagin" <kpalagin@nomail.phxint.please.ru> wrote in message
news:40CE95E3.A9F4B9B1@nomail.phxint.please.ru...
> Yep. See example
> http://www.asaris-matrix.com/sweber/playground/downloads/forms/DispForm.aspx?ID=14
>
> Also see
> http://spf.pobox.com
>
> matt wrote:
>
> > Our ex2k server is receiving a lot of spam and junk from computers saying
> > they are ourdomain.com when they HELO.  An example of the command to our
> > ex2k server would be: helo my.domain.com  .  Exchange then responds with a
> > 250 and then they proceed to send our users tons of junk.  Is there a way to
> > filter based on what remote computers are heloing us as?  Can an event sink
> > handle this?
> >
> > Thanks in advance,
> > Matt
>
> --
> Help fight spam - designate sending servers for your domain.
> http://spf.pobox.com


0
nospam7515 (2084)
6/15/2004 2:31:51 PM
matt wrote:
>
> I took a look at the event sinks from asaris-matrix.  The
> senderfilter is
> the closest to what I'm looking for, but I don't think it's quite
> right. It
> will filter senders based on the sender address' domain, not the
> domain they
> HELO as.  I need a filter that will either flag messages somehow,
> drop them
> or optimally deny sending and drop the connection based on if they
> HELO as a particular domain or computer name.  I don't believe the
> HELO name given is anything other than voluntary information, but to
> me if they are HELOing as
> my domain they are illegitimate.

The SMTP Event Sinks Kirill mentioned on my site are all transport events.
What you are looking for are protocol events. Those can be done only with
C/C++, Delphi or using the managed wrappers available by Microsoft on MSDN
with C# or VB.NET. I believe there is a "Shields Up" sample in C/C++ and/or
C# included in the Exchange 2000/2003 SDK available on
http://msdn.microsoft.com/exchange . Maybe that'll help you get something up
and running.

-- 
Cheers,

Siegfried Weber

If you want a smart answer, ask a smart question
http://catb.org/~esr/faqs/smart-questions.html

Why tables are bad: http://www.hotdesign.com/seybold/,
http://webdesign.about.com/cs/tables/a/aa020800b.htm

Note: Please do not send any e-mail to my old address
sweber@cdolive.com because I am no longer connected with this
organization.

0
6/16/2004 3:23:36 PM
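
An added example, not part of the thread and not the Exchange SDK's "Shields Up" sample: the decision a protocol-event handler would make when the HELO/EHLO command arrives, written in Python. The domain, networks, addresses and reply texts are assumed placeholder values, and the function names are hypothetical.

```python
import ipaddress

# Assumed site values for illustration (not taken from the thread).
OWN_DOMAINS = {"ourdomain.example"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),   # site's public range
                ipaddress.ip_network("10.0.0.0/8")]     # internal hosts
OWN_ADDRESSES = {ipaddress.ip_address("192.0.2.25")}    # the mail server itself


def _is_own_host(client_ip):
    """True if the connecting address is one of the site's own machines."""
    ip = ipaddress.ip_address(client_ip)
    return ip.is_loopback or any(ip in net for net in OWN_NETWORKS)


def _claims_own_identity(helo_arg):
    """True if the HELO argument names the site's domain or server address."""
    name = helo_arg.strip().rstrip(".").lower()
    if name.startswith("[") and name.endswith("]"):     # address literal
        literal = name[1:-1]
        if literal.startswith("ipv6:"):
            literal = literal[5:]
        try:
            return ipaddress.ip_address(literal) in OWN_ADDRESSES
        except ValueError:
            return False
    # Exact match or a subdomain; "notourdomain.example" must not match.
    return any(name == d or name.endswith("." + d) for d in OWN_DOMAINS)


def check_helo(client_ip, line):
    """Return (reply code, text) for one HELO/EHLO command line."""
    parts = line.strip().split(None, 1)
    if not parts or parts[0].upper() not in ("HELO", "EHLO"):
        return 500, "command not recognized"
    if len(parts) < 2:
        return 501, "HELO/EHLO requires a host name"
    if _claims_own_identity(parts[1]) and not _is_own_host(client_ip):
        return 550, "HELO name belongs to this site; refused"
    return 250, "OK"


# Constructed sample openings: (client IP, command line as received).
SAMPLES = [
    ("203.0.113.77", "helo my.ourdomain.example"),
    ("203.0.113.77", "EHLO OurDomain.Example."),
    ("203.0.113.77", "HELO [192.0.2.25]"),
    ("10.1.2.3", "EHLO branch.ourdomain.example"),
    ("198.51.100.9", "EHLO mail.partner.example"),
    ("198.51.100.9", "HELO notourdomain.example"),
]

if __name__ == "__main__":
    for ip, cmd in SAMPLES:
        print(ip, repr(cmd), "->", check_helo(ip, cmd))
```

Because the HELO name is whatever the client chooses to send, this check only catches clients that present the site's own name or address from outside its networks.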

"Siegfried Weber" <siegfriedcw@notmail.com> wrote in message
news:eDauxO8UEHA.2668@TK2MSFTNGP10.phx.gbl...
> matt wrote:
> >
> > I took a look at the event sinks from asaris-matrix.  The
> > senderfilter is
> > the closest to what I'm looking for, but I don't think it's quite
> > right. It
> > will filter senders based on the sender address' domain, not the
> > domain they
> > HELO as.  I need a filter that will either flag messages somehow,
> > drop them
> > or optimally deny sending and drop the connection based on if they
> > HELO as a particular domain or computer name.  I don't believe the
> > HELO name given is anything other than voluntary information, but to
> > me if they are HELOing as
> > my domain they are illegitimate.
>
> The SMTP Event Sinks Kirill mentioned on my site are all transport events.
> What you are looking for are protocol events. Those can be done only with
> C/C++, Delphi or using the managed wrappers available by Microsoft on MSDN
> with C# or VB.NET. I believe there is a "Shields Up" sample in C/C++ and/or
> C# included in the Exchange 2000/2003 SDK available on
> http://msdn.microsoft.com/exchange . Maybe that'll help you get something up
> and running.


That may be over my head, but I'll check it out.  Thanks for the reference.

-Matt


0
nospam7515 (2084)
6/17/2004 1:46:34 PM