
Are you an accidental spammer?

Jim Reavis
Network World on Security, 08/23/99

It is irritating enough to receive Unsolicited Commercial Email (UCE) - SPAM. It is more than irritating when your network is overrun by SPAM, inhibiting the productivity of your users and servers. But did you know that if your e-mail servers and firewalls are not configured properly you may be unintentionally spamming other networks right now?

Third Party Mail Relay, or Open Relay, is the ability for mail servers to receive messages that are not intended for local recipients and relay those messages to the ultimate destination.

A system configured for Open Relay will accept messages from a foreign sender not defined on the local mail system and forward that message to any other destination mail server. This was a very useful function when the Internet was a kinder, gentler place, as it could provide redundant paths to send messages and keep e-mail from getting lost.
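The relay decision described above, sketched as an added example (not code from the article or from any mail server): the same RCPT TO attempts are answered by an open relay and by a server that relays only for its own network or its own domains. The domain, networks and reply strings are constructed assumptions, and the rejection of routing characters in the local part is a conservative extra that goes beyond what the article states.

```python
import ipaddress

# Constructed policy values (assumptions, not from the article).
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def is_local_recipient(rcpt):
    """True only for a plain user@domain address in a domain we host."""
    local, sep, domain = rcpt.strip("<>").rpartition("@")
    if not sep or not local:
        return False
    # Routing characters in the local part ask this server to forward the
    # message somewhere else, so they never count as local delivery.
    if any(ch in local for ch in "%!@:"):
        return False
    return domain.lower().rstrip(".") in LOCAL_DOMAINS


def relay_decision(client_ip, rcpt, open_relay=False):
    """Return the reply a server would give to one RCPT TO command."""
    if open_relay:
        return "250 OK"  # any sender, any destination
    if is_local_recipient(rcpt):
        return "250 OK"  # inbound mail for our own users
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in TRUSTED_NETS):
        return "250 OK"  # outbound mail from our own network
    return "550 Relaying denied"


# Constructed RCPT TO attempts: (client IP, recipient).
SAMPLES = [
    ("198.51.100.7", "alice@example.com"),          # outsider to local user
    ("192.0.2.15", "bob@partner.example.net"),      # insider to outside
    ("198.51.100.7", "victim@other.example.org"),   # outsider to outside
    ("198.51.100.7", "victim%other.example.org@example.com"),
]

if __name__ == "__main__":
    for ip, rcpt in SAMPLES:
        print(ip, rcpt, "| open:", relay_decision(ip, rcpt, True),
              "| closed:", relay_decision(ip, rcpt))
```

Only the last two attempts differ between the two configurations, and those are the third-party relay the article is about.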

As common sources of UCE are identified and blocked by mail administrators, spammers hijack the Open Relay function of third party mail servers to forward their junk mail. Spammers are thus capable of staying ahead of mail administrators by constantly changing the servers they use.

While the most common consequence of UCE is the annoyance factor, loss of bandwidth can be an issue and hijacked mail servers can even be damaged due to the sheer volume of work they are asked to do. Also, you may find yourself unable to send messages to companies you want to communicate with, as some systems administrators are blacklisting systems that are identified as having this problem.

Blacklisting of your mail system can occur because some Internet community activists have come forward with a "peer pressure" solution to the Open Relay problem. The Open Relay Behavior-modification System (ORBS) provides a useful service for combating the problems of SMTP relay, despite its Orwellian name. ORBS and the Mail Abuse Prevention System (MAPS) provide reporting, cataloging and testing of mail servers that are configured for third party mail relay. They also keep Realtime Blackhole Lists (RBL) of offenders.

You can configure your system so that messages that come in from servers that show up on an RBL are automatically rejected. ORBS and MAPS both provide documentation on how to integrate their RBL with different mail systems. If you are on the blacklist, you won't be able to send mail to companies that use RBLs to filter mail.

Many mail administrators are aware of the Open Relay problem and may believe they have solved it through a combination of mail server modifications and firewall technology. With Microsoft Exchange, for example, you must add special registry entries to disable Open Relay if you have configured it to support POP3 clients.

Even if you have made the proper modifications, don't be so sure you have solved the problem. Just this month a vulnerability was discovered with MS Exchange that allows rerouting of messages by sending to special encapsulated SMTP one-off addresses.

Solving Open Relay problems is like many other Information Security issues - it is not a one-time fix, but a continuous process of staying current on security news and vendor PTFs.

Should you fix Open Relay problems on your system? Absolutely. Should you configure your mail servers to use these Realtime Blackhole Lists? Be careful, you may block incoming mail that you really want.

Ultimately, this is more of a policy decision than a technical one. The goal of ORBS and MAPS is to make the Internet a better place, but that can mean a few glitches along the way. If you decide to go forward with it, it might be a good idea to go to your top ten customers first and make sure they don't have Open Relay problems.
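An added example (not from the article, ORBS or MAPS) of the RBL rejection described earlier, combined with the caution about blocking mail you want: an allowlist of key customers' networks is consulted before the blackhole list. It assumes the usual DNS blocklist convention of querying the reversed IPv4 octets under the list's zone and treating a 127.0.0.0/8 answer as "listed"; the zone name, allowlist and stub resolver are hypothetical.

```python
import ipaddress
import socket

RBL_ZONE = "rbl.example.org"  # hypothetical zone name, not a real list
# Constructed allowlist: networks of customers whose mail must get through.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/28")]


def rbl_query_name(ip, zone=RBL_ZONE):
    """Build the DNS name to look up: <reversed IPv4 octets>.<zone>."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(ip, resolve=socket.gethostbyname):
    """A sender is listed if the query name resolves into 127.0.0.0/8."""
    try:
        answer = resolve(rbl_query_name(ip))
    except OSError:
        return False  # no record or lookup failure: treat as not listed
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def connection_verdict(ip, resolve=socket.gethostbyname):
    """Decide what to do with an incoming SMTP connection from ip."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in ALLOWLIST):
        return "accept (allowlisted)"  # policy choice outranks the list
    if is_listed(ip, resolve):
        return "reject (listed on RBL)"
    return "accept"


def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    listed = {"9.100.51.198.rbl.example.org": "127.0.0.2",
              "5.113.0.203.rbl.example.org": "127.0.0.2"}
    if name in listed:
        return listed[name]
    raise socket.gaierror("name not found")


if __name__ == "__main__":
    for ip in ("198.51.100.9", "203.0.113.5", "192.0.2.1"):
        print(ip, "->", connection_verdict(ip, fake_resolver))
```

The second sample address is on the constructed list but still accepted, which is the policy trade-off the article describes.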

Jim Reavis, the founder of SecurityPortal.com, is an analyst with over 10 years' experience consulting with Fortune 500 organizations on networking and security-related technology projects. SecurityPortal.com is a Web site dedicated to providing IT professionals with comprehensive information about network security issues. Jim can be reached at jreavis@securityportal.com.

RELATED LINKS

MAPS site

ORBS site

Information on fixing Open Relay problems with a wide variety of mail systems

Microsoft Technote on the latest Open Relay problem with Exchange

Trend Micro keeping a sharp eye on message content
Network World, 08/02/99

Ethics and acceptable behavior
Network World, 07/26/99

Archive of Network World on Security newsletters


Copyright, 1994-2006 Network World, Inc. All rights reserved.