RE: MS Exchange and repeated SMTP connections..
From: Henry Sieff (hsieff@orthodon.com)
Date: 07/25/01
Message-ID: <4D5D8A4276CCD411BEB400A0C9E105C402CF6D@chaka.orthodon.com>
From: Henry Sieff <hsieff@orthodon.com>
To: "'Jonathon.Kalaugher@sbg-ap.com'" <Jonathon.Kalaugher@sbg-ap.com>, focus-ms@securityfocus.com
Subject: RE: MS Exchange and repeated SMTP connections..
Date: Wed, 25 Jul 2001 16:49:28 -0500

I would recommend running a sniffer on the segment the mail server is
on and watching the traffic that is being passed via those SMTP
connections. Otherwise, any answer would just be shooting in the dark
(which can be effective, but probably not in this case :)).
Henry
> -----Original Message-----
> From: Jonathon.Kalaugher@sbg-ap.com [mailto:Jonathon.Kalaugher@sbg-ap.com]
> Sent: Tuesday, July 24, 2001 6:05 PM
> To: focus-ms@securityfocus.com
> Subject: MS Exchange and repeated SMTP connections..
>
>
> Hello list,
>
> Firstly I would like to thank all of you who contribute to this list.. it is a
> great resource with heaps of valuable information.
>
> -Background:
>
> We have a MS Exchange Server (Win2k SP 2.0, Exchange 5.5 SP 4.0) that is
> getting SMTP connections from another mail server (a business partner of
> ours) every 10 seconds repeatedly for the last few days.
>
> Until very recently our Email and webservers were exposed to the internet
> with very little security in place (since remedied), so the possibility of
> malicious applications/tools floating about our systems is one not to be
> discounted.
>
> No Emails are being delivered with these connections and we are not getting
> any Spam or being used as SMTP relay in any way (checked www.mail-abuse.org
> to see if we appear on any open Mail relay lists).
> Our mailserver is configured as per MS instructions to not allow SMTP relay,
> except by authorised users.
>
> Question:
>
> -Has anybody encountered a similar scenario, or is anyone aware of any
> vulnerabilities or exploits our partners or ourselves are possibly being
> used for?
>
> Or is this possibly a configuration error at the partner's Email server?
>
> Any comments or suggestions will be most appreciated.
>
> Thanking you all in advance.
>
> Cheers
>
> JK.
>
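
Added example, not part of the original thread: once a sniffer has captured the port 25 traffic as suggested in the reply above, the useful question is how far each SMTP conversation gets before it ends. This Python script classifies constructed sample dialogues and reports the gaps between connections; the `C:`/`S:` transcript format, host names, addresses and server replies are all assumptions.

```python
from collections import Counter

# Constructed sample, not traffic from the thread: one entry per TCP connection
# to port 25 as (start time in seconds, dialogue). "C:" is the connecting
# server, "S:" is the receiving server. All names are placeholders.
REJECTED = ["S: 220 mail.example.test ready", "C: HELO partner.example.test",
            "S: 250 OK", "C: MAIL FROM:<ops@partner.example.test>", "S: 250 OK",
            "C: RCPT TO:<old.user@example.test>", "S: 550 Unknown user",
            "C: QUIT", "S: 221 closing"]
DELIVERED = REJECTED[:5] + ["C: RCPT TO:<jk@example.test>", "S: 250 OK",
            "C: DATA", "S: 354 go ahead", "C: Subject: test", "C: .",
            "S: 250 queued", "C: QUIT", "S: 221 closing"]
PROBE = REJECTED[:3] + ["C: QUIT", "S: 221 closing"]
SESSIONS = [(0.0, REJECTED), (10.1, REJECTED), (20.0, PROBE), (30.2, DELIVERED)]

def classify(dialogue):
    """Say how far one SMTP conversation got before it ended."""
    verbs, rejected, in_data, delivered = [], None, False, False
    for line in dialogue:
        side, text = line[:2], line[3:].strip()
        if side == "C:" and in_data:
            if text == ".":              # lone dot ends the message body
                in_data = False
                verbs.append("EOM")
        elif side == "C:" and text:
            verbs.append(text.split()[0].upper())
        elif side == "S:" and text[:3].isdigit():
            code = text[:3]
            if code == "354":
                in_data = True           # client lines that follow are body text
            elif code[0] in "45" and rejected is None and verbs:
                rejected = f"rejected at {verbs[-1]}: {text}"
            elif code[0] == "2" and verbs and verbs[-1] == "EOM":
                delivered = True
    if delivered:
        return "message accepted"
    if rejected:
        return rejected
    if "MAIL" not in verbs:
        return "no mail transaction attempted"
    return "transaction abandoned"

def summarise(sessions):
    """Return (outcome counts, gaps in seconds between connection starts)."""
    starts = [t for t, _ in sessions]
    gaps = [round(b - a, 1) for a, b in zip(starts, starts[1:])]
    return Counter(classify(d) for _, d in sessions), gaps

if __name__ == "__main__":
    counts, gaps = summarise(SESSIONS)
    print("gaps (s):", gaps)
    for outcome, n in counts.most_common():
        print(f"{n} x {outcome}")
```

A steady gap with the same outcome on every connection points at an automated retry or polling loop on the sending side, and the recorded reply shows which command it stops at.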