Problems with Exchange 2000 as open relay
From: rotaiv (rotaiv_at_BIAPO.COM)
Date: 12/16/03
- Previous message: Thomas Kristensen: "Re: [Full-Disclosure] Secunia Advisory: URL Spoofing"
- In reply to: Russ: "SBS 2003 security policy..."
- Next in thread: Russ: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: Russ: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: Richard Buckingham: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: rotaiv: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: Haluk Aydin: "FW: Problems with Exchange 2000 as open relay"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Dec 2003 13:16:14 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
We have an Exchange 2000 server (fully patches and up to date) that has
recently been blacklisted as an open relay. We are not sure how this is
possible as it has been configured to only relay from our local
subnet. When you try to manually send a message via telnet to port 25, you
get the relaying denied message. I have read numerous MS KB articles and
they all point to the same settings we already have in place.
The server has been online for several months with no issues - this
suddenly started to happen in the last couple of days. The message
tracking logs clearly show that mail is being received from outside our
network and is destined for recipients outside our domain. I was wondering
if there a new issue I am unaware off that allows people to use Exchange
2000 as a relay even when specifically configured to deny such messages?
Fortunately, our MX records point to a Linux mail server that checks for
spam so we have blocked access to port 25 at our gateway. This seems to
have stopped relay messages but it does not explain how it was possible in
the first place.
A further annoyance is that one of the "blacklist" sites actually wants $50
before they will remove us from their list.
Regards,
rotaiv
-----
Wondering how to unsubscribe from NTBugtraq? Just send a message to
Listserv@listserv.ntbugtraq.com with unsubscribe ntbugtraq in the message
body, you don't need a subject line. If it says you aren't subscribed,
you've either subscribed with a different email address or your address has
changed somehow. Just email Russ.Cooper@rc.on.ca and I'll remove you.
-----
- Previous message: Thomas Kristensen: "Re: [Full-Disclosure] Secunia Advisory: URL Spoofing"
- In reply to: Russ: "SBS 2003 security policy..."
- Next in thread: Russ: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: Russ: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: Richard Buckingham: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: rotaiv: "Re: Problems with Exchange 2000 as open relay"
- Maybe reply: Haluk Aydin: "FW: Problems with Exchange 2000 as open relay"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
