I thing Greg is saying that a POP3/SMTP user can't send mail OUTSIDE the organization without relaying (with authentication) turned on.
Which is another good reason to NOT expose Exchange SMTP to the outside world. It is now apparently common knowledge among spammers that Exchange defaults to allowing authenticated relaying. If you have this box checked (Q310380 & Q321825 advises to turn it on), then you are opening up your domain accounts to dictionary attacks. Even if it isn't turned on, spammers will STILL try when their scan shows your SMTP host is Exchange, eating up your bandwidth. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey Sent: Friday, December 12, 2003 12:10 PM To: Exchange Discussions Subject: RE: Mail Processing by Exchange vs. SendMail Hey there always will be people that don't like POP3. I perfectly understand how Exchange works by the way. I also perfectly understand SMTP. Believe me, most SMTP servers out there (Exchange, iMAIL, SendMail, etc.) accept Anonymous connections. It does not meant that they relay mail for Anonymous connections. Also trust me, unless you have misconfigured something on your Exchange server, Exchange will not relay mail from an anonymous source. But it will accept ***inbound*** mail from an anonymous source because that's what it is supposed to do, being an RFC compliant SMTP server et all. Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -----Original Message----- From: Greg Deckler [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 12:00 PM To: Exchange Discussions Subject: RE: Mail Processing by Exchange vs. SendMail Yes, you were lucky. I have seen this exact scenario happen a couple times now. Fydora or whoever apparently did not understand this scenario but it is a fairly common scenario in small office environments with people on the road connecting their laptops to hotel networks and the like. Yes, OWA is available, but there are lots of people in this world that are always going to hate something like OWA. OWA in 2003 is pretty sweet, I must say, but there will always be people that don't like. > It's been a while since I've supported POP3 clients on Exchange (5.5) but, > as I recall, I had no issues with anonymous relaying. I believe that > Exchange 5.5 allowed anonymous SMTP inbound connections (that is, > connections for mail to be delivered locally) and would allow relaying by > authenticated users only. > > Or maybe I was just luckily that the spammers different find this server? > > Aaron > > -----Original Message----- > From: Greg Deckler [mailto:[EMAIL PROTECTED] > Sent: Friday, December 12, 2003 11:30 AM > To: Exchange Discussions > Subject: RE: Mail Processing by Exchange vs. SendMail > > > While I am not sure that the "Greg" in this post was directed at me or > whether this is some new form of abuse and sarcasm, it is pretty much > irrelevant as I do have some things to say on this issue. > > The biggest problem that I have had with Exchange on the outside of the SMTP > mail chain is anti-spam in a small office environment. It is not that > anti-spam functionality does not exist in Exchange, but it is in its native > implementation. The issue actually revolves around POP3 users. For your > Exchange server to serve as the end-point for SMTP connections from > anywhere, you generally have to turn on Anonymous Authentication. This > allows any SMTP server to connect to yours to send email. Now, let's say you > have POP3 users that might be connecting from anywhere they please on just > about anyone's network. To allow these people to send email, you have to > generally turn go into Relay Restrictions and turn on "Allow all computers > which successfully authenticate to relay..." The problem with this is that > Anonymous Authentication is also on, so guess what? Spammers can anonymously > authenticate and relay spam, because, apparently in the Microsoft world > Anonymous Authentication is just as good as any other Authentication. Oh > well. And yes, you can turn this checkbox off and set up specific computers, > but if they are POP3 clients connecting from anywhere, you are hosed there > and if you set up this by domain, you have a whole other set of problems, > not the least of which is that this forces a reverse DNS lookup. > > What really needs to happen with this is that Microsoft needs to simply add > a checkbox that says something along the lines of "Anonymous Authentication > can only send inbound messages and not relay." But, I guess since I am not > an MVP the likelihood of this happening is close to zero. > > In terms of speed, I do not have hard numbers, but if you buddy is making > rash statements like you indicate, he or she does not either. Tell your > buddy to show you the proof or jump off a pier. You may want to be a little > more PC. I have only seen an Exchange server's SMTP mail engine under duress > when a spammer was involved and we are talking ungodly amounts of messages > with lots of failures and retries. > > In terms of having Exchange exposed to the outside world, you can secure it, > put it in a DMZ and make it a front-end server. Again, the main issue I have > is with anti-spam in specific situations but if you don't have to worry > about POP3 users or have an extra box to point POP3 users to, then you're > good to go. > > Finally, I will point out that *technically* you do not even need Exchange > as the SMTP engine is built into Windows 2000/2003 and I have played around > with using this to serve as a host to forward SMTP mail into my Exchange > environment. It's been awhile since I really sat down with it, but if memory > serves it worked just fine. > > > > Greg, would you please help with this discussion on SendMail....Your > > > input will be highly regarded....Thanks > > > > Tell him Postfix is more secure... :P > > > > > > Personally, I like to put another server at the edge for SMTP that > > > is NOT Exchange when I can... > > > > > > As far as who's faster at processing... Who cares, can Sendmail do > > > calendaring, public folders, etc? > > > > > > -----Original Message----- > > > From: Sean Faust [mailto:[EMAIL PROTECTED] > > > Sent: Friday, December 12, 2003 9:20 AM > > > To: Exchange Discussions > > > Subject: Mail Processing by Exchange vs. SendMail > > > > > > Good Morning All, > > > > > > I have a Unix/Linux admin that is just wearing me out with regards > > > to Exchanging being 3rd rate. Given all of the variables including > > > memory, processors, etc. How much mail traffic can Exchange process > > > in an hour/day and what is the advantage if any of putting SendMail > > > in front of Exchange? > > > > > > His last statement was that SendMail can process more mail in one > > > minute than Exchagne can process in a day. > > > > > > Thanks, > > > > > > Sean > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mo > > > de=&lang > > > =english > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
