Strange SMTP Server behaviour

• Previous message: Hubbard, Michael: "Disabling Telephony Service breaks SYSPREP on XP SP1"
• Next in thread: Russ: "Re: Strange SMTP Server behaviour"
• Maybe reply: Russ: "Re: Strange SMTP Server behaviour"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Wed, 26 Nov 2003 15:25:57 -0000
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hi

During a Security Training, while checking the reception string in a few
SMTP Servers we found out that all the servers known to be running Exchange
Server from Microsoft had a strange string. All of them (except the ones
from microsoft.com) replied with something like:

"220
*******02*************************************************************2****2
******"
or
"220
*****0***************************0*2********************************2*******
*200*2***000"

All of these Exchange Servers did not recognize the standard SMTP commands
like help, hello or quit.
Apparentelly all of these servers are still running SMTP services but we
could could not check for sure.

Since this happens with a lot of Exchange Servers we asked ourselves if this
isn't a new worm spreading across the internet.

Antonio Martins
Systems Engineer
Lena Construções

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----

• Previous message: Hubbard, Michael: "Disabling Telephony Service breaks SYSPREP on XP SP1"
• Next in thread: Russ: "Re: Strange SMTP Server behaviour"
• Maybe reply: Russ: "Re: Strange SMTP Server behaviour"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Intelligent Mail Filter (Mixed Mode) ... IMF needs to be enabled on the SMTP virtual serverthat receive inbound ... I am running exchange server 2003 SP2 ... the Store threshold comes into play - it is intended to ... inbound internet mail and can be said to be your gateway servers. ... (microsoft.public.exchange.admin) Re: Change to SmartHost Failed ... I'm assuming we're talking about Exchange 2003 since you didn't say. ... Do not configure a smart host in your back-end SMTP ... You created an SMTP Connector and specified the ... two front-end servers as bridgehead servers, so that dictates that all mail ... (microsoft.public.exchange.admin) Re: Exchange mailing to A records intermittently instead of MX records ??? ... Which version of Exchange 2000 are you using? ... SMTP is designed to check for MX records first, and then if it can't find ... your DNS architecture as it relates to Exchange VS's? ... >>> I ran DNSDIAG on our Exchange servers, ... (microsoft.public.exchange.connectivity) Re: Default SMTP Virtual Server - no outbound mail ... Assuming you tried to telnet from your Exchange server to a smtp host ... If you just checked by fqdn of remote smtp host and this didn't work, ... not need external DNS serverconfigured on your SMTP virtual server. ... of valid DNS servers in your perimeter network or located at your ... (microsoft.public.exchange.admin) Re: Filter email from malicious sender ... It's a simple fact that anyone can say that they're anyone using SMTP. ... It is sent from the Internet. ... E-mail option on any Exchange computers that receive mail from the ... Can I set this on the backend servers only? ... (microsoft.public.exchange.admin)