open relay problem

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=3458
Printed Date: 12 March 2025 at 8:14pm


Topic: open relay problem
Posted By: Guests
Subject: open relay problem
Date Posted: 19 April 2004 at 4:09pm

I checked on the system administrator menu for Exchange 5.5 and I do not have Internet mail service running, yet I get emails stating my server is an open relay. Is it possible spam filter is open relaying emails?

how do I lock this down on a win2k server running ms exchange v5.5?

 




Replies:
Posted By: Desperado
Date Posted: 19 April 2004 at 4:35pm

Sorry -- delete this one

 



Posted By: Desperado
Date Posted: 19 April 2004 at 4:38pm

Perhaps I misunderstood.   Is Exchange and Spam Filter on the same machine?  What configuration do you have?  SpamFilter should be the very first server in the "Chain" and you must specify the hosted domains.


Regards,

Dan S.

 



Posted By: Guests
Date Posted: 20 April 2004 at 5:30pm

spamfilter is installed on a win2k server that runs ms exchange v5.5

the internet mail service is not running, this is what causes open relay on ms exchange 5.5

my question to you is there a way to prevent emails from being relayed on spamfilter.

spamfilter seems to be acting as a gateway hence its acting as an open relay and I must STOP this open relay.

I checked on ms exchange and IMS is NOT installed hence its not relaying any email.

 



Posted By: Guests
Date Posted: 20 April 2004 at 5:33pm

I don't need MS Exchange help, I just need help understanding how spamfilter open relays messages.

I wish to disable or prevent the open relay feature.

the spam filter is acting as a MS Mail gateway to your Exchange server.



Posted By: Desperado
Date Posted: 20 April 2004 at 11:09pm

John,

I am not sure I understand the question.  What receives inbound mail from the OUTSIDE?  And then, where does that server send its mail to?

The "normal" configuration is that your MX record points to SpamFilter and it is the server that receives inbound mail.  Then SpamFilter forwards (relays) the messages that are not blocked to the server that has your accounts configured on it.  If that is the case, SpamFilter should have a list of allowed (hosted) domains in the "Local Domains" white lists. The "Excluded Domains / IP" White list, in most cases, is empty except for servers that ARE, in fact, ALLOWED to relay through SpamFilter.

If SpamFilter and your server that receives the filtered mail are on the same machine they can not share the same IP unless you change the port of the second server.  This is actually good to do because then it will not answer on port 25 and therefore will not operate as an "Open Relay".

Does this answer your question?

Regards,

Dan S. (SpamFilter USER)



Posted By: LogSat
Date Posted: 21 April 2004 at 12:59am

John,

In the default configuration (no custom user settings) SpamFilter will *not* accept any emails to relay.

Users will need to specify a list of "Local Domains" for which SpamFilter will accept email. Only emails addressed to those local domains will be accepted and then forwarded (relayed) to your destination SMTP server.

Furthermore administrators can set up several "whitelists" of domains, IP, emails, etc. Any sender that appears on the whitelist will be able to relay email thru SpamFilter to your destination SMTP server. Please note that SpamFilter will not relay emails out to the internet, it will simply forward them to the destination SMTP server you specify.

If users misconfigure the "Local Domains" by placing too broad of a wildcard in the list, or any other white list as a matter of fact, they will possibly cause SpamFilter to accept emails for all domains, and thus cause it to be an "open relay".

Roberto F.
LogSat Software



Posted By: Guests
Date Posted: 29 April 2004 at 12:18am

Actually, I have both spamfilter and Norton Antivirus Corporate running on one machine, and the e-mail server on a second machine.  The mail routes in to port 25 on the host machine, "spamhost", which is monitored by Norton Antivirus Gateway (NAVGW).  There, the mail is processed for viruses and (optionally) attachments with various extensions are blocked.  Then, NAVGW forwards the mail to a high-order port (above 1024) on the same machine (i.e. on the same IP address), so the mail "loops" back to the same machine, but a different port-number, where it finds spam-filter waiting.  Spamfilter filters out the spam, forgets to log it in the database for review (This problem is the subject of a posting I will make in a moment--it just started happening a few days ago), and then forwards on only the good mail (mostly, anyway.)  Spamfilter sends the mail to port 25 on the e-mail server which then (when the wind is blowing just right and the sun is in the appropriate astrological sign), disseminates it to the proper users. 

If I wanted to, I could put both spamfilter and NAVGW on the same machine as my e-mail server, but that would be putting all my eggs in one basket.  I figure it is always better to modularize--easier to fix a broken antivirus scanner or spam-filter without necessarily having to have the entire e-mail server down.



Posted By: LogSat
Date Posted: 30 April 2004 at 12:31am

If Norton is the first application that receives the email, then you'll want to configure it so that it does not allow relay, since if things are as you described them, it is Norton that is accepting email from the internet and then allowing relay by passing everything to SpamFilter.

Without looking at your logs we can't be 100% certain, but it's likely that SpamFilter sees the emails originating from Norton since it would receive a connection from either the IP Norton is listening on or 127.0.0.1. Since the IP is local to the server SpamFilter will trust it and will proceed to deliver it to your mail server.

Unless Norton is able to pass-thru the original IP address of the sender so that SpamFilter sees it, you will not be able to make use of some of the filtering power SpamFilter uses by applying IP-based filters, like MAPS, reverse DNS, IP-blocking, IP-whitelisting. You'd usually want to place SpamFilter first in line to accept traffic, then forward non-spam emails to your antivirus server, which will then pass them on to your smtp server. This topology will allow SpamFilter to see the original IP of the sender and perform more accurate filtering by using the IP-based rules.

Roberto F.
LogSat Software
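
Added example (not part of the thread and not LogSat's code): a small Python model of the relay decision described in the two LogSat replies above, used to audit a configuration for an over-broad "Local Domains" wildcard and for trust placed in the address of a gateway sitting in front of the filter. The function names, the `*` wildcard matching via `fnmatchcase`, the probe values, and treating the trusted local address as an IP whitelist entry are all assumptions; how SpamFilter stores or matches its lists is not shown on this page.

```python
from fnmatch import fnmatchcase

# Constructed probes: an outside sender IP (documentation range) and
# recipients at reserved domains that no site can host.
PROBE_IP = "192.0.2.10"
PROBE_RCPTS = ("probe@relay-test.invalid", "probe@relay-test.example")

def accepts(rcpt, client_ip, local_domains, ip_whitelist):
    """Relay decision as the thread describes it: a whitelisted sender IP
    may relay anything; otherwise the recipient domain must be local."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if any(fnmatchcase(client_ip, pat) for pat in ip_whitelist):
        return True
    return any(fnmatchcase(domain, pat.lower()) for pat in local_domains)

def stranger_can_relay(client_ip, local_domains, ip_whitelist):
    """True if any probe recipient would be accepted from client_ip."""
    return any(accepts(r, client_ip, local_domains, ip_whitelist)
               for r in PROBE_RCPTS)

def audit(local_domains, ip_whitelist, upstream_ip=None):
    """Return findings for the misconfigurations discussed above.
    upstream_ip is the address a gateway placed in front (such as an
    antivirus scanner) connects from; None if the filter is first in line."""
    findings = []
    for pat in local_domains:
        if stranger_can_relay(PROBE_IP, [pat], []):
            findings.append(f"local domain {pat!r} matches unhosted domains")
    for pat in ip_whitelist:
        if stranger_can_relay(PROBE_IP, [], [pat]):
            findings.append(f"whitelist entry {pat!r} matches outside senders")
    # Behind a gateway, every message arrives from the gateway's address, so
    # trusting that address hands the relay decision to the gateway.
    if upstream_ip and stranger_can_relay(upstream_ip, [], ip_whitelist):
        findings.append(f"upstream {upstream_ip} is trusted; the gateway "
                        "in front must refuse relay itself")
    return findings

if __name__ == "__main__":
    cases = {
        "hosted domains only": (["example.com"], [], None),
        "broad wildcard": (["*"], [], None),
        "gateway in front": (["example.com"], ["127.0.0.1"], "127.0.0.1"),
    }
    for name, cfg in cases.items():
        print(f"{name}: {audit(*cfg) or 'no findings'}")
```

The probe set only catches patterns that match the reserved test domains, so a pattern such as `*.com` needs a probe of its own.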

 



Posted By: Guests
Date Posted: 01 May 2004 at 4:32pm
I've reversed the SpamFilter and Norton Antivirus installations. While this has not fixed the open relay problem, it HAS improved the way SpamFilter works, as I now see addresses being resolved which wasn't happening before.

Thank you, very much, for that!

I am running spamfilter on a new machine, now, and have noticed that a number of the problems I had with the old Celeron-based server have gone away.

I do still have one problem with the old server though: The old installation of Spamfilter ISP claims the database is active, but nothing ever gets logged into it. I made sure that the server ID is correct in both the database and the INI file, and it is.

Any thoughts?


Posted By: LogSat
Date Posted: 02 May 2004 at 9:50pm

Vance,

Can you try stopping SpamFilter, delete the tblServersServerID line from the SpamFilter.ini file, delete the record in the tblServers table in the database containing your server, then restart SpamFilter. If that still does not work, please try following the 3 steps under the Settings tab, QuarantineDB sub-tab.

Roberto F.
LogSat Software



