Does this site look plain?

This site uses advanced css techniques

Background of Antirelay Provisioning

In the "good old days", mail servers would happily forward mail to anybody who used them, and this was offered as a kind of service to the internet community at large: if your own mail server was having troubles, you could temporarily use your neighbor's mail server to route around it.

No more: those days are long gone.

Dirtball spammers have come to "hijack" mail servers owned by others to do the hard work of delivering their trash, and this has caused enormous problems for the internet. Spammers routinely scan for these "open relays" and abuse them, and eventually this gets the mail server owner either flooded with bounced mail, put on a blacklist, or both. It's much like the bad guy sneaking a box of unstamped mail into your company's mail room: you pay the postage and send out the letters.

Securing a mail server to allow only authorized users to use is important, and this paper describes the process. Modern versions of Exchange (6, and 5.5 with the latest service packs) are not hard to secure, but some common principles are applied to all antirelay provisions.

The idea is that we tell the mail server which remote users are "trusted", and in practice this is the entire internal network. Since no outside users could ever connect from these internal IP addresses, they are "trusted".

Then, when Exchange receives a connection attempting to deliver mail, it looks at the "trusted" list: those on the list can send mail anywhere, but those not on the list can only deliver to the local machine. Others are told to get lost.

Securing Microsoft Exchange Server 6.0

Other Resources

Our Tech Tip is mainly meant to address the specific issue of Microsoft Exchange and not the larger issue of spam, but we can provide a few resources here in case this is the first place you've looked to get help on this.

A great resource is the Transport Security Initiative. They include links for:

Getting off the blacklists can be a lot more work, but it's not impossible. Some of the blacklists automatically delist your server after a certain time period (say, 90 days), and many others will periodically retest your server and remove your server automatically if it comes up clean. A few of the more helpful blacklist sites, often with instructions on how to reach the rest:

Note: - feel free to mirror or borrow this page with or without credit. Suggestions for improving this page are welcome.