Everyone on the Internet is familiar with 'spam' mail, also referred to
as Unsolicited Commercial E-mail (UCE). It's an annoyance at best, and interferes
with productivity at worst. It's almost universally despised by users of
the Internet. Yet since it is a very cheap form of marketing, many
individuals and companies continue to attempt to use it despite its negative
publicity, content with their tenth-of-a-percent response rate.

Most Internet Service Providers have forbidden the transmission of UCE
through their service. In a few states, it's actually against the law,
punishable by civil or criminal penalties. To get around this, many
spammers try to conceal their identities. To accomplish this, they sign up
for free dial-up accounts with providers, transmit their spam, and then
avoid using the account again. Sometimes they forge credit-card numbers.
They avoid ISDN, DSL or cable-modem accounts since they are far easier to
track; therefore, they are typically limited to the slowness of a 56K
modem. This limits the number of E-mails they can send out before being
caught and having to repeat the process.

There are commercial services out there that will forward spam. However,
many of these have been 'black-listed' by major ISPs, so most of the
messages will bounce back as undeliverable. So, what's a spammer to do?
Simple. He scans the Internet looking for someone who will forward his
mail: an innocent server that he can co-opt to do his dirty work for
him.

Here's the rub. By default, Microsoft Exchange (for Windows NT/2000) and
Sendmail both are configured to forward any and all mail sent to them. They
receive a message from the Internet, look at it, and since it isn't for them
they helpfully forward it to where it's going. Unfortunately, this is
exactly what a spammer wants to abuse.

This means that, unless you've turned off this ability, your mail server
is sitting there waiting to be found. In most cases, in fact, it is being
used, or has been used, by someone for exactly this malicious purpose. And the
problem only gets worse: lists of so-called 'open relays' -- machines that
will forward E-mail freely -- are distributed among spammers.

Unfortunately, it isn't always feasible to simply 'turn off' this feature
wholesale. Anyone who uses the Internet Mail Service from inside your
company to send out mail through your server uses this functionality to
relay your own mail traffic. For Outlook Express, it's the only way it can
send mail. What's needed is a way to be selective about who can and cannot
forward.

With most mail packages, you can 'lock it down', selecting a certain
range of IP addresses that are allowed to send mail to be relayed. Anyone from the
outside world who sends mail not destined for your server gets it bounced
back in their face. The logic goes something like this:
- Is the machine sending me the mail on my list of approved
addresses? If so, accept it.
- Is the mail being sent to a domain that I host? If so, accept it.
- Otherwise, bounce it back with an error: We do not relay.

The disadvantage to this, of course, is that people outside your company
can no longer bounce mail off your server. Even roaming users with laptops
will have to change their 'Outgoing Mail Server (SMTP)' settings to point to
their ISP's mail server, not to yours. Only if you know someone's IP
address range can you safely permit relaying for them. For others, it's
unfortunate, but it has to be disabled.

In some cases, you can require authentication in order to use your mail
server as a relay. There are options inside Microsoft Exchange to permit
this setup, and Outlook and Outlook Express will work with it. This means
that, in order to relay mail, a user must authenticate with their username
and password. If this option is feasible, it can provide a good solution
for remote users.
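
The three-rule relay check and the authentication option described above, written out as an added example (not code from Exchange, Sendmail or the original article). The networks, domains, function names and reply texts are constructed placeholders, and the handling of source-routed recipients and IPv4-mapped addresses goes slightly beyond the article's three rules.

```python
import ipaddress

# Constructed sample policy; these networks and domains are placeholders.
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("2001:db8:10::/48")]
HOSTED_DOMAINS = {"example.com", "example.org"}


def rcpt_domain(address):
    """Return the lower-cased domain of a recipient address, or None if refused."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    # Refuse source-routed forms (user%host@domain, host!user@domain): the
    # visible domain is ours, but the mail asks to be forwarded elsewhere.
    if not sep or not local or not domain or any(c in local for c in "%!@"):
        return None
    return domain.rstrip(".").lower()


def relay_decision(client_ip, rcpt_to, authenticated=False):
    """Return (accepted, smtp_reply) for one recipient of one connection."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return (False, "554 Invalid client address")
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    # Rule 1: the sending machine is on the approved list.
    if any(ip in net for net in APPROVED_NETS):
        return (True, "250 OK (approved address)")
    # Optional rule: the user logged in before sending.
    if authenticated:
        return (True, "250 OK (authenticated user)")
    # Rule 2: the mail is for a domain this server hosts.
    if rcpt_domain(rcpt_to) in HOSTED_DOMAINS:
        return (True, "250 OK (hosted domain)")
    # Rule 3: everything else is refused.
    return (False, "550 We do not relay")


if __name__ == "__main__":
    for args in [("192.0.2.25", "<buyer@elsewhere.test>"),
                 ("203.0.113.9", "<sales@example.com>"),
                 ("203.0.113.9", "<buyer@elsewhere.test>")]:
        print(args, relay_decision(*args))
```

The decision is made per recipient, so a single message from an outside address can be accepted for a hosted mailbox and refused for an outside one.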

Why is Being an Open Relay Bad?

Why is this so important? Well, even ignoring the obvious 'good
neighbor' policy of not letting your systems be used to annoy others,
spammers can cause you problems by using your site in this fashion. First,
people will sometimes complain to you, or to your ISP, resulting in
potential loss of time and/or service dealing with this. Second, it
consumes your bandwidth and adds load to your mail server -- in some cases,
enough to shut it down completely.

In addition to these items, a master list of open relays is
maintained by MAPS, called the RSS (Realtime Spam Stopper). Systems that
are confirmed to relay messages openly get added to this list after they've
been used to relay spam. About ten percent of the ISPs out there, as of
this writing, subscribe to the list and refuse all E-mail from those systems
listed. In other words, if it goes on long enough, you'll find yourself
unable to send mail to certain locations. This would very likely begin to
interfere with your business when E-mails sent to customers or vendors begin
to bounce back marked 'undeliverable'.

Visit the web site for your mail server. Information on closing open
relays is listed below for both Microsoft Exchange and
Sendmail, two of the most popular mail packages. For other packages,
please contact your vendor to make sure your open relay can be closed. This
presents a serious problem and one that needs to be addressed by each and
every business. If left unaddressed, this issue will almost certainly
eventually create problems for your business communications.