SMTP OPEN RELAY EXPOSURE
SMTP servers are what lets messages, a.k.a. emails, travel between different endpoints and users' mailboxes within seconds. They act as junctions that direct and route messages, working together with the other devices that make up the overall messaging solution. They sit in both external and internal environments, because they need to relay messages from other applications and devices. Left unrestricted they are open relays, which can easily be compromised, causing wide-ranging damage to the people and the environment they are part of.
- Nodes for mail routing
- Open relays
- External and internal
- Message relays for other applications and devices
- Exposed to vulnerabilities
The Challenge
Within a bank environment a number of applications have to be accessible to the bank's own staff and to customers, ensuring seamless communication via email. A number of these systems and applications report their status and availability to monitoring systems and to people. Such communication usually relays via internal SMTP servers, which may or may not also be part of the external messaging solution. For an environment like a bank, a government agency or a finance business, the security of SMTP servers is mandatory. The toughest challenge is to identify the existing email addresses relaying via the SMTP servers, and their owners, so they can be advised about the new policing and procedures for relaying on the existing service.
The Solution
Split the SMTP relays into dedicated external and internal roles. This takes time, and time was the critical factor in logging and identifying all email addresses. The existing internal SMTP servers were Domino servers, which allowed every single message relayed through the server's mailbox to be captured, with its original sending IP address and subject, in a dedicated Notes database; the data was then extracted, analysed and each individual email address identified. This process ran for over 6 months, required daily attention and processed over 20M messages in total. From the gathered information we had to identify the owners and locate them within the business, then communicate properly: the risk of the current situation, the change needed and the new procedure being put in place. We provided new forms for existing email addresses and for future requests, and a way of tracking owners from that point on, in case of any future changes in this area.
The Results
Discovered over 5,000 different email addresses, together with their sources and owners. We now have a solution that shows who is relaying messages through the internal SMTP servers, giving better control over misuse of the SMTP relays that could compromise the security of the business or its environment. SMTP roles were split between external and internal servers, allowing each to handle its respective mail flow. Importantly, in an environment like a bank, uninterrupted message flow during cutover was imperative and business critical. A single business unit failed to follow the new procedure properly and did not whitelist its own email addresses, causing an impact to its part of the business. The advantage was that the robust solution in place allowed us to track that business unit straight away and remediate the issue within minutes. The solution continues to log every single message relayed via the SMTP servers.
- Message monitoring 100%
- Message Policing 100%
- Procedure and troubleshooting 100%
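The logging, analysis and policing steps described in The Solution and The Results can be reduced to a small audit routine. The following is an added example, not the Domino/Notes tooling the case study used: it parses a constructed relay log (hypothetical line format: timestamp, source IP, envelope sender, recipient, quoted subject), aggregates relayed messages per sender address, checks each sender against a constructed registry of addresses whose owners completed the request form, and flags senders that are unregistered, that relay from outside the assumed internal address range, or that match the classic open-relay pattern of an external source sending to an external recipient. The address ranges, domains, registry and log lines are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample of captured relay records (hypothetical format, not the
# Domino/Notes capture the case study describes).
SAMPLE_LOG = """\
2024-03-01T08:00:01 10.20.30.40 monitor@payments.example.bank ops@example.bank "Batch job OK"
2024-03-01T08:00:05 10.20.30.40 monitor@payments.example.bank ops@example.bank "Batch job OK"
2024-03-01T08:01:10 10.20.31.7 alerts@atm-network.example.bank noc@example.bank "ATM offline: site 12"
2024-03-01T08:02:44 10.20.99.3 legacy-app@example.bank helpdesk@example.bank "Nightly report"
2024-03-01T08:03:00 203.0.113.9 promo@unknown.example.com customer@example.net "Special offer"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<sender>\S+)\s+(?P<rcpt>\S+)\s+"(?P<subject>.*)"$'
)

# Constructed registry: sender address -> owner who submitted the request form.
REGISTRY = {
    "monitor@payments.example.bank": "Payments Platform team",
    "alerts@atm-network.example.bank": "ATM Operations",
}

# Constructed assumptions about the environment.
INTERNAL_IP_PREFIXES = ("10.",)    # sources allowed to use the internal relay
OWN_DOMAINS = ("example.bank",)    # mail to any other domain leaves the organisation


def parse_record(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_internal_ip(ip):
    return ip.startswith(INTERNAL_IP_PREFIXES)


def is_own_domain(address):
    return address.rsplit("@", 1)[-1].lower() in OWN_DOMAINS


def audit_relay_log(log_text, registry):
    """Aggregate relayed messages per sender and attach policing flags."""
    stats = defaultdict(lambda: {"count": 0, "source_ips": set(),
                                 "recipients": set(), "flags": set()})
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            malformed += 1          # keep counting; a garbled capture line is itself a finding
            continue
        sender = rec["sender"].lower()
        s = stats[sender]
        s["count"] += 1
        s["source_ips"].add(rec["ip"])
        s["recipients"].add(rec["rcpt"].lower())
        if sender not in registry:
            s["flags"].add("unregistered")      # owner never filed the request form
        if not is_internal_ip(rec["ip"]):
            s["flags"].add("external_source")   # should be using the external relay
            if not is_own_domain(rec["rcpt"]):
                s["flags"].add("open_relay_pattern")  # external -> external through our relay
    return {"senders": dict(stats), "malformed": malformed}


def findings(audit):
    """Flatten to sorted (sender, flag) pairs for the policing follow-up."""
    return sorted((sender, flag)
                  for sender, s in audit["senders"].items()
                  for flag in s["flags"])


def owners_to_notify(audit, registry):
    """Registered senders actually seen relaying, mapped to the owner to contact."""
    return {sender: registry[sender] for sender in audit["senders"] if sender in registry}


if __name__ == "__main__":
    result = audit_relay_log(SAMPLE_LOG, REGISTRY)
    for sender, flag in findings(result):
        s = result["senders"][sender]
        print(f"{flag:18} {sender} ({s['count']} msgs from {sorted(s['source_ips'])})")
    print("owners to notify:", owners_to_notify(result, REGISTRY))
```

Run daily over the captured records, the `unregistered` flag is the list of owners still to be found and advised, while `external_source` and `open_relay_pattern` are the cases to move to the external relay or block before cutover; the business unit that skipped whitelisting its addresses in The Results would surface here as `unregistered` on the first day its mail was rejected.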