I need to have an event sink that will check an email address BEFORE accepting the email. The way exchange was coded is to accept any mail destined for it's domain, and then bounce that mail if the user is not valid.
The issue with this is that you can forge the header and bounce a message to anyone you want.
I goes like this...
telnet to an exchange server on port 25.
220 mail.xyz.com
helo anywhere.com
250 mail.xyz.com Hello [x.x.x.x]
mail from: [email protected]
220 2.1.0 [email protected].....Sender OK
rcpt to: [email protected]
250 2.1.5 [email protected]
The last line is the problem. It is accepting mail for invalid users!
This message will eventually be bounced to "[email protected]" !!!
This is a way to deliver SPAM off my servers!!!!
Microsoft's response was, If you need to be able to perform directory lookups before accepting mail, you can write your own event sink.
Here is the article in the KB.
http://support.microsoft.com/default.aspx?scid=kb;en-us;304897
Anyone know of an event sink that has already been written, if not, anyone able to help me write one???
--lb
The issue with this is that you can forge the header and bounce a message to anyone you want.
I goes like this...
telnet to an exchange server on port 25.
220 mail.xyz.com
helo anywhere.com
250 mail.xyz.com Hello [x.x.x.x]
mail from: [email protected]
220 2.1.0 [email protected].....Sender OK
rcpt to: [email protected]
250 2.1.5 [email protected]
The last line is the problem. It is accepting mail for invalid users!
This message will eventually be bounced to "[email protected]" !!!
This is a way to deliver SPAM off my servers!!!!
Microsoft's response was, If you need to be able to perform directory lookups before accepting mail, you can write your own event sink.
Here is the article in the KB.
http://support.microsoft.com/default.aspx?scid=kb;en-us;304897
Anyone know of an event sink that has already been written, if not, anyone able to help me write one???
--lb
