
Any solutions?

Hello,
I have a customer who has an Exchange server behind a firewall (Cisco PIX) in a private network, and an IronPort installed before the Cisco PIX. He configured his MX record for domain X to go to the IronPort appliance, and the IronPort routes to his server. Everything is OK, BUT he continues to receive spam, because spammers use the old MX record, which goes directly to the Cisco PIX outside interface. The solution is:
Create a rule on the Cisco PIX which allows it to accept SMTP traffic only from the IronPort, BUT he has outside users who connect to the Exchange server remotely via SMTP and send/receive mail.

He doesn't want to install the IronPort in the private network.

Any solutions about this situation?

Thanks a lot :)


It's a tough one - a lot of spam software seems to cache MX records (for a long time).

Perhaps on the Exchange server enable SMTP AUTH - so only users who can authenticate can use the Exchange SMTP service (you'll still get the spammers trying to get in though - no way around that).

Or enable SMTP AUTH on the Ironport (which then LDAPs to your Exchange or Active Directory) - and cut off access to Exchange.

Alternatively, just make everyone VPN into your private network if they want to access Exchange (cutting off direct access via SMTP from the internet).

It's a tough one -  a lot of spam software seems to cache MX records (for a long time).


I'm still seeing attempted traffic to the IP where our old MX server resided. Nothing has been configured to respond at that IP address for the last 4 1/2 months and I'm still seeing a significant number of SMTP attempts when I tcpdump for it. I can confirm it'll be a long, long time before the spammers remove that IP from their caches.

sspeerin
Level 1


I'm still seeing attempted traffic to the IP where our old MX server resided. Nothing has been configured to respond at that IP address for the last 4 1/2 months and I'm still seeing a significant number of SMTP attempts when I tcpdump for it. I can confirm it'll be a long, long time before the spammers remove that IP from their caches.


That's because some spamming tools come with a list of "supposed valid email server addresses" and the user just spams to that list. The tool doesn't actually validate the MX; it just blasts spam to the IP address regardless.

Donald Nash
Level 3

This is a common problem. We solved it by requiring SMTP authentication for all mail inbound to our mail server, not just for mail to be relayed. We exempt our IronPorts from this requirement. The end result is that the spammers can't authenticate, so they can't bypass the spam defenses.
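One way to verify the setup described in the reply above, run from an outside host that is not one of the exempted IronPorts (an added example, not part of the thread). The function name, the probe sender address and the result keys are assumptions; `rcpt` must be a real mailbox on the server, otherwise a relay denial would hide the result.

```python
"""Check that a mail server refuses unauthenticated SMTP delivery."""
import smtplib
import sys

PROBE_SENDER = "probe@example.invalid"          # constructed placeholder
PROBE_HELO = "auth-check.example.invalid"       # constructed placeholder


def check_unauthenticated_delivery(host, rcpt, port=25):
    """Walk an SMTP session up to RCPT TO without authenticating.

    The probe stops before DATA, so no message is ever submitted.
    Returns a dict with:
      auth_advertised - server lists AUTH in its EHLO response
      rejected_at     - "MAIL", "RCPT" or None if both were accepted
      code            - the last reply code seen
      auth_required   - True when the rejection was 530 (RFC 4954)
    """
    with smtplib.SMTP(host, port, local_hostname=PROBE_HELO, timeout=10) as smtp:
        smtp.ehlo()
        auth_advertised = smtp.has_extn("auth")

        stage = "MAIL"
        code, _ = smtp.mail(PROBE_SENDER)
        if code < 400:
            stage = "RCPT"
            code, _ = smtp.rcpt(rcpt)

        smtp.rset()  # drop the half-built transaction before QUIT

    rejected = code >= 400
    return {
        "auth_advertised": auth_advertised,
        "rejected_at": stage if rejected else None,
        "code": code,
        # 530 is "Authentication required"; any other rejection (for
        # example an unknown recipient) does not prove AUTH is enforced.
        "auth_required": code == 530,
    }


if __name__ == "__main__":
    # usage: python check_auth.py <mail-server> <local-recipient>
    print(check_unauthenticated_delivery(sys.argv[1], sys.argv[2]))
```

If `rejected_at` comes back as `None`, the server still accepts direct unauthenticated delivery and mail sent to the old MX address bypasses the IronPort.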