Version 3.9.1.3

Top  Previous  Next

Changes in version 3.9.1.3 (January 3, 2009)

 

Note: Additional changes and features are described in the release notes for version 3.8.11.12. This version was never released. Please read the release notes for this version for descriptions of changes and enhancements.

 

Enhancements

 

Spoofing Protection - When Alligate receives a message with a MAIL FROM address claiming to be a local domain, it assumes that the message is an  outgoing message. Certain procedures are handled differently or not done at all such as recipient verification. Spammers who sent messages using a local MAIL FROM address to invalid local addresses would be able to get messages past the SMTP process. The messages would not be delivered to any recipient, however the message would end up in the BadMail directory. If a sizable attack occurred, this could lead to the BadMail directory filling up with a lot of undeliverable messages and if the MAIL FROM was a legitimate local address, this could also lead to a lot of Alligate generated backscatter.

 

Alligate will now monitor undeliverable messages and add the IP address of the sender to the internal "Bomber" cache. After a few failed messages the IP address will be blocked and will also be reported to MXRate.

 

The spoofer detection uses this setting according to what you already have defined on the Message Blocking Options screen in the Alligate control panel:

 

010309

 

In this case, a sender that spoofs a local domain and sends 50 messages that are undeliverable in a 5 minute period will be blocked.

 

If you are using the replaceable delivery agent service (documented here), you will need to cease using it for spoofing detection to work properly. The quickest way to do do this is as follows:

 

Close the Alligate Control Panel.

 

Delete this entire registry key:

 

HKEY_LOCAL_MACHINE\SOFTWARE\SolidOak\Alligate\Settings\DeliveryAgent

 

Then open the control panel and start the normal Spool Service.

 

Then restart the SMTP service.

 

Sender Authentication Enforcement - Alligate can now require that all outgoing mail be authenticated. This option is located on the Authentication page in the Alligate control panel. It specifies whether all outgoing mail must be authenticated using SMTP authentication. Selecting this option will prevent address spoofing where senders use a local domain in the MAIL FROM command during the SMTP conversation. Care should be given when selecting this option to ensure that web forms and other legacy mail sending mechanisms that do not or can not authenticate will not be blocked.