Tuesday, 20. January 2004

Avoid Domino 4.6 as an SMTP server
Not infrequently I get messages from people along the lines of "My client is still using a 4.6 server and doesn't want to upgrade. Can you help me with... [some aspect of spam/relay enforcement]?". See today's earlier story for an example of a typical outcome.
It occurs to me however that I should restate, in case it is not already abundantly clear, that using a Domino 4.6 server as an SMTP server on today's Internet is not a terribly good idea. In fact I will go further. If you accept my basic premise that the first duty of any responsible administrator, before turning to the important matters of security and abuse prevention, is to ensure that his/her own system itself does no harm, then you should also be aware that using Domino 4.6 itself defeats this aim.
Let me paint a picture for you.
- A high proportion of spam including virtually all of the most pernicious kind comes direct-to-MX from trojaned machines.
- In virtually every case the sender envelope of these messages is spoofed, often using the email address of an innocent third party.
- If your system is closed to relay, or the intended recipient is local and you use a protocol-level block to deny the mail, the entire transaction fails at the originating SMTP client and there is no collateral damage.
Unfortunately, Domino 4.6 does not enforce anti-relay as a protocol-level response (554 relay rejected), but will accept email from anyone, to anyone, and decide about relays afterwards. To the casual observer, a Domino 4.6 server may therefore appear to be open to relay even if closed. Consider this scenario:
- Spammer tests Domino 4.6 host for relay. Message is accepted but bounced back to the apparent sender.
- Either the spammer will attempt a spam run through the Domino server, treating it as an open relay
- or the spammer will see that the Domino server can be made to deliver email to third parties by spoofing their address as the sender
In either case, the result will be that spoofed messages are accepted by the Domino 4.6 server and subsequently bounced back to the "sender".
Sure, your users will not see these messages and no reputable relay tester would conclude that your system was open to relay, but the fact remains that you are rebroadcasting abusive messages to innocent parties and there is nothing you can do about it.
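To make the difference concrete, here is a small added simulation (not code from the original post, and nothing to do with Domino's own implementation) of the two relay-policy styles described above. It models one inbound SMTP transaction from a client that has spoofed an innocent third party as the envelope sender, and records where each policy stops the message. The domains, addresses and session lines are constructed for the example; no network connection is made.

```python
"""Toy model of protocol-level relay rejection versus accept-then-bounce.

Added example, not from the original post. All names and addresses are
hypothetical; the point is to show which policy generates a bounce to a
sender address the SMTP client chose (backscatter) and which does not.
"""

from dataclasses import dataclass, field

# Hypothetical domains this server accepts mail for (constructed).
LOCAL_DOMAINS = {"example.com"}


@dataclass
class Session:
    """Minimal record of one inbound SMTP transaction."""
    mail_from: str = ""
    rcpt_to: list = field(default_factory=list)
    transcript: list = field(default_factory=list)    # (direction, line)
    bounces_sent: list = field(default_factory=list)  # (envelope sender, refused recipients)

    def reply(self, line):
        """Record a server reply and return it so callers can inspect the code."""
        self.transcript.append(("S", line))
        return line


def is_local(address):
    return address.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS


def rcpt_protocol_level(session, recipient):
    """Decide relay policy while the client is still connected.

    A non-local recipient gets a permanent 5xx reply at RCPT TO, so the
    originating client has to deal with the failure itself and the server
    never holds a message it would later have to bounce."""
    session.transcript.append(("C", f"RCPT TO:<{recipient}>"))
    if not is_local(recipient):
        return session.reply("554 Relay rejected")
    session.rcpt_to.append(recipient)
    return session.reply("250 OK")


def rcpt_accept_then_bounce(session, recipient):
    """Accept every RCPT TO and postpone the relay decision (the behaviour
    the post attributes to Domino 4.6)."""
    session.transcript.append(("C", f"RCPT TO:<{recipient}>"))
    session.rcpt_to.append(recipient)
    return session.reply("250 OK")


def end_of_data_accept_then_bounce(session):
    """Post-acceptance relay check: refused recipients are reported to the
    envelope sender, which the client chose and which may be an innocent
    third party."""
    refused = [r for r in session.rcpt_to if not is_local(r)]
    if refused:
        session.bounces_sent.append((session.mail_from, refused))
    return session.reply("250 Message accepted")


def run_session(rcpt_handler, end_of_data_handler=None,
                mail_from="victim@innocent.example",      # spoofed sender (constructed)
                recipients=("someone@other.example",)):  # non-local target (constructed)
    """Drive one transaction through the given policy and return the session."""
    s = Session(mail_from=mail_from)
    s.transcript.append(("C", f"MAIL FROM:<{mail_from}>"))
    s.reply("250 OK")
    accepted = sum(1 for r in recipients if rcpt_handler(s, r).startswith("250"))
    if accepted == 0:
        # Every recipient was refused in-session: nothing was taken on, so
        # there is nothing to bounce. A well-behaved client gives up here.
        s.transcript.append(("C", "QUIT"))
        s.reply("221 Bye")
        return s
    s.transcript.append(("C", "DATA ... ."))
    if end_of_data_handler:
        end_of_data_handler(s)
    else:
        s.reply("250 Message accepted")
    return s


def backscatter_count(session):
    """Number of unsolicited bounces this transaction caused."""
    return len(session.bounces_sent)


if __name__ == "__main__":
    for name, handler, eod in (
        ("protocol-level rejection", rcpt_protocol_level, None),
        ("accept-then-bounce", rcpt_accept_then_bounce, end_of_data_accept_then_bounce),
    ):
        s = run_session(handler, eod)
        print(f"== {name}: bounces to spoofed sender = {backscatter_count(s)}")
        for who, line in s.transcript:
            print(f"  {who}: {line}")
```

Running it prints both transcripts: under protocol-level rejection the session ends at `554 Relay rejected` with zero bounces, while under accept-then-bounce the same message is accepted and a bounce is queued for the spoofed `MAIL FROM`. The first is the behaviour you want from any server facing the Internet; the second is the backscatter problem the post describes, and it cannot be fixed by configuration because the refusal happens after the only party who could have absorbed it has disconnected.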
Well, there is of course. Upgrade.
Time to be more assertive with those troublesome 4.6 shops that don't want to move...
Category: Domino: Administration