Is it advisable to have a single server for both SMTP Inbound Mails and SMTP Outbound Mails keeping the relay service on? Since our main Registration Server will also act as the relay server, I think keeping the SMTP port 25 open for both inbound and outbound traffic will lead to spamming. Any malicious user on the Internet can then use this server as a relay server to send spam mails to anyone else on the Internet.
Please give your views and advice on the same as soon as possible.
What can be the best solution for this?
Subject: SMTP Gateway with Relay Service on
It is one thing to unknowingly have an open relay, it is another when one knowingly puts up an open relay. I guarantee you that in a matter of days someone will find your SMTP server and start using it!
Best advice, work out your mail topology without an open relay. We have 1 server that receives inbound and outbound SMTP mail. It refuses anyone not authorized for relay.
.02
Subject: SMTP Gateway with Relay Service on
I agree 100% with Tony.
Why does it need to be a relay server? Even if it does, under ND6 you can really control what IP addresses can relay through it if you absolutely need to.
One SMTP server for both inbound and outbound is usually perfectly adequate. What is your topology that requires this unusual design?
Paul Benwell
Subject: SMTP Gateway with Relay Service on
There’s absolutely no problem to use the same server and to keep port 25 open. It’s very easy to block the Notes server for external relays. In fact, one parameter in the server configuration doc is enough: (just put an asterisk in it). You can have a list of trusted IP addresses that can relay.
It will take only some hours before an open relay will be abused …
You can find in-depth information on spam control in this Redbook
Subject: SMTP Gateway with Relay Service on
I agree with suggested solutions. There is another one to increase server’s protection.
In the configuration document, “Router / SMTP” / “Restrictions and Control” / “Inbound sender control” then
“Allow messages only from the following external internet addresses/domains:”, you can list all your internal domains (we have some 15 internet domains…).
The result is that your SMTP server (inbound task) will accept only email intended for your internal internet domains. Relaying is then impossible.
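The policy the replies above converge on (accept mail addressed to your own domains from anyone, relay to outside domains only for listed IP addresses) is written out here as an added Python sketch; it is not Domino code and was not posted in the thread. The domains and networks are constructed placeholders, and the sketch goes slightly beyond the thread by also refusing percent-hack, bang-path and source-routed recipients, which can hide an outside destination behind a local-looking address.

```python
import ipaddress

# Constructed sample policy: replace with your own domains and relay hosts.
LOCAL_DOMAINS = {"example.com", "example.org"}
TRUSTED_RELAY_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.25/32"),
]


def recipient_domain(rcpt):
    """Return the lower-cased domain of a plain user@domain recipient.

    Returns None for malformed addresses and for routing tricks
    (source routes, percent-hack, bang paths). Deliberately strict.
    """
    rcpt = rcpt.strip().strip("<>")
    if rcpt.count("@") != 1:
        return None  # e.g. @relay:user@other, or no domain at all
    local, domain = rcpt.split("@")
    if not local or not domain or "%" in local or "!" in local:
        return None  # e.g. user%other.test@example.com
    return domain.lower().rstrip(".")


def is_trusted_client(client_ip):
    """True if the connecting host is on the trusted relay list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in TRUSTED_RELAY_NETS)


def rcpt_decision(client_ip, rcpt):
    """Decide how to answer RCPT TO for one recipient of one connection."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return "reject: malformed or source-routed recipient"
    if domain in LOCAL_DOMAINS:
        return "accept: local delivery"
    if is_trusted_client(client_ip):
        return "accept: relay for trusted host"
    return "reject: relaying denied"


if __name__ == "__main__":
    for ip, rcpt in [("203.0.113.7", "alice@example.com"),
                     ("203.0.113.7", "bob@other.test"),
                     ("10.1.2.3", "bob@other.test"),
                     ("203.0.113.7", "bob%other.test@example.com")]:
        print(ip, rcpt, "->", rcpt_decision(ip, rcpt))
```

Running the same four cases against a test copy of your own gateway's settings is a quick way to confirm that only the trusted-host case is relayed.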