MS Exchange and repeated SMTP connections..

From: Jonathon.Kalaugher@sbg-ap.com
Date: 07/25/01

• Previous message: Sam Wilson: "RE: Hacked NT/2K box"
• Next in thread: Henry Sieff: "RE: MS Exchange and repeated SMTP connections.."
• Reply: Henry Sieff: "RE: MS Exchange and repeated SMTP connections.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <E48EF4B51A3A47468CEA37E874AA16D831AAD8@eidyia.spherebusinessgroup.com>
From: Jonathon.Kalaugher@sbg-ap.com
To: focus-ms@securityfocus.com
Subject: MS Exchange and repeated SMTP connections.. 
Date: Wed, 25 Jul 2001 11:04:45 +1200

Hello list,

Firstly I would like to thank all of you contribute to this list.. it is a
great resource with heaps of valuable information.

-Background:

We have a MS Exchange Server (Win2k SP 2.0, Exchange 5.5 SP 4.0) that is
getting SMTP connections from another mail server (a business partner of
ours) every 10 seconds repeatedly for the last few days.

Until very recently our Email and webservers were exposed to the internet
with very little security in place (since remedied), so the possibility of
malicious applications/tools floating about our systems is one not to be
discounted.

No Emails are being delivered with these connections and we are not getting
any Spam or being used as SMTP relay in any way (checked www.mail-abuse.org
to see if we appear on any open Mail relay lists)
Our mailserver is configured as per MS instructions to not allow SMTP relay,
except by authorised users.

Question:

-Has anybody encountered a similar scenario?, or aware of any
vulnerabilities or exploits our partners or ourselves are possibly being
used for ?

Or is this possibly a configuration error at the partners Email server?

Any comments or suggestion will be most appreciated.

Thanking you all in advance.

Cheers

JK.

---

• Previous message: Sam Wilson: "RE: Hacked NT/2K box"
• Next in thread: Henry Sieff: "RE: MS Exchange and repeated SMTP connections.."
• Reply: Henry Sieff: "RE: MS Exchange and repeated SMTP connections.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: MS Exchange and repeated SMTP connections.. ... MS Exchange and repeated SMTP connections.. ... I would recommend running a sniffer on the segment the mail server is ... MS Exchange and repeated SMTP connections.. ... (Focus-Microsoft) Re: SBS Exchange 2003: too many "Current Sessions" opened ... that kills inetinfo.exe and starts SMTP - should ... Windows Small Business Server 2008 Unleashed ... Since exchange defaults to accepting ... IF, after a week, you are still seeing some connections, try *DISABLING* ... (microsoft.public.windows.server.sbs) Re: 550 invalid domain error ... I received the invalid domain error from this email address. ... The primary SMTP email ... for each server with users on it that is a member of the DL. ... contacts are part of a couple of distribution lists. ... (microsoft.public.exchange.admin) Re: SBS Exchange 2003: too many "Current Sessions" opened ... You really should go through the steps I posted and get the SMTP service to stop hanging in the first place. ... You'll be happier, you won't be clubbing your server every day with a kill script, and you won't have dead connections. ... You do *not* need to restart the server, ... (microsoft.public.windows.server.sbs) Externally Emailing SharePoint Discussion List Fails? ... So that I could email the list externally I had to add another SMTP ... address to my lists contact properties. ... Create a new Exchange Server Global recipient policy so ... adds the emails to the discussion list, but externally it fails. ... (microsoft.public.exchange.admin)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-07