RE: Microsoft SMTP Service

From: Colin Stefani (cstefani@tideworks.com)
Date: 07/25/01

• Previous message: Ryan Counts: "RE: Hacked NT/2K box"
• Maybe in reply to: Matthew.Tim@cantire.com: "Microsoft SMTP Service"
• Next in thread: Kundera : "RE: Microsoft SMTP Service"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <DBC363EA37C5D311823A00508BCF2A6A07276DEA@seamail.ssofa.com>
From: Colin Stefani <cstefani@tideworks.com>
To: "'Matthew.Tim@cantire.com'" <Matthew.Tim@cantire.com>, focus-ms@securityfocus.com
Subject: RE: Microsoft SMTP Service
Date: Wed, 25 Jul 2001 13:41:51 -0700

The short answer is to block inbound SMTP sessions to that host(s) and setup
the SMTP server not to relay for other hosts, and/or not accept incoming
connections. There are a few vulnerabilities out there for MS SMTP server,
many are related to relay holes and stuff like that.

The only thing I've expressed concern about is display of internal host
names when sending. The best solution, for my networks, has been to relay
the mail through a Sendmail proxy which is configured to strip outbound
headers from the web farm machines and replace them with its own. That way
receiving hosts get mail from a known MX source (one that's listed in DNS
records) and any bouncing mail comes back either to the reply-to, from, or
host address, all of which will route back to a real mailbox.

-cs-

-----Original Message-----
From: Matthew.Tim@cantire.com [mailto:Matthew.Tim@cantire.com]
Sent: Wednesday, July 25, 2001 12:10 PM
To: focus-ms@securityfocus.com
Subject: Microsoft SMTP Service

Hello all,

Has anyone used the MS SMTP service on an IIS web server? Are there any
security risks associated with this if the server is sitting in a DMZ and
will be using this to send mail out to an external mail domain? Any help
here would be appreciated.

MT

---

• Previous message: Ryan Counts: "RE: Hacked NT/2K box"
• Maybe in reply to: Matthew.Tim@cantire.com: "Microsoft SMTP Service"
• Next in thread: Kundera : "RE: Microsoft SMTP Service"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Bad-Clients: definitely not working ... I know that for me, with RELAY enabled, and a good-clients list, I know ... or in the documentation. ... The problem is that an SMTP server needs to do SOME relaying. ... send email to hosts that are not in your domain ... (comp.os.vms) Re: SMTP "Relay Denied" on localhost! (windows server 2003) ... to relay through the IIS SMTP Service. ... On the Access tab, click the Relay button. ... Dim bodyMSG As String ... on my local machine (using the integrated web server of Visual ... (microsoft.public.dotnet.framework.aspnet) Re: Exchange question ... >One thing that was brought up is that NDR's can be used to relay (the ... >Anyone setup a double SMTP setup in there network? ... spammer using the NDR to deliver the message, the email body is in the form ... however, one is only using the SMTP service, and you ... (Focus-Microsoft) Re: Store.exe taking 100% CPU usage:Urgent ... I tried stopping the smtp service .And my cpu usage became ... normal .However the setting of relay is okay.Can u suggest ... Bacic authenication is checked ... (microsoft.public.exchange2000.information.store) Re: Relaying denied after changing gateway ip ... Exchange server to relay SMTP through? ... I will lay odds that you have a relay configuration on your Exchange ... Make sure you stop/start the smtp service afterwards. ... (microsoft.public.exchange2000.admin)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-07