RE: Microsoft SMTP Service
From: Michael van Zwieten (MvanZwieten@flcities.com)Date: 07/26/01
- Previous message: Free, Bob: "RE: cached passwords"
- Maybe in reply to: Matthew.Tim@cantire.com: "Microsoft SMTP Service"
- Next in thread: Paul L Schmehl: "RE: Microsoft SMTP Service"
- Reply: Paul L Schmehl: "RE: Microsoft SMTP Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <E980BE8C8980D111AA7200A0C99843A70154C839@PHOENIX> From: Michael van Zwieten <MvanZwieten@flcities.com> To: 'Rich Wilson' <wk633@yahoo.com>, Matthew.Tim@cantire.com, focus-ms@securityfocus.com Subject: RE: Microsoft SMTP Service Date: Thu, 26 Jul 2001 08:01:52 -0400
Rich & Tim...
I just recently implemented IIS using it's little virtual SMTP server, and
things appear to be relay-safe. Since SMTP is basically only being used
in-house directly from code on the webserver, and sending outwards, I set
security so that it uses integrated NT authentication... When you attempt to
relay from the outside, following these steps:
telnet <smtp ip> 25
HELO me
MAIL FROM: bogusaddress@domain.com
... right there, it'll kick back a response saying access denied...
Looks pretty safe to me, but I think I'm still applying that relay patch
they issued recently! :)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-037.asp
Take care,
Mike
-----
Michael J. van Zwieten, MCSE
IS Department
(407) 835-3471 x162
Florida League of Cities
Orlando, Florida
> -----Original Message-----
> From: Rich Wilson [mailto:wk633@yahoo.com]
> Sent: Wednesday, July 25, 2001 18:45
> To: Matthew.Tim@cantire.com; focus-ms@securityfocus.com
> Subject: Re: Microsoft SMTP Service
>
>
> In SMTP properties, Access, Connection, restrict access to
> specific IPs.
> Configure your firewalls to only allow outbound SMTP
> (that is, internal->DMZ->external, not the other direction)
>
> You should be safe to let SMTP out. Certainly letting your
> web server relay
> SMTP, as long as it only goes in one direction, is safer than
> the HTTP server
> part of its job. Between your external firewall filtering, and access
> restriction on the Web server/mail relay, you should be safe
> from external
> connections. Your internal firewall should keep you safe
> from a compromised
> Web server/mail relay being a jump poing to your internal network.
>
> I'm pretty sure that IIS SMTP service uses TCP for DNS (NOT
> UDP). At least,
> that's the Admin at my workplace says. If you use external,
> as opposed to DMZ
> DNS servers, you may need to let your web server make
> outbound TCP DNS queries.
> That shouldn't be a big risk either.
>
>
> --- Matthew.Tim@cantire.com wrote:
> > Hello all,
> >
> > Has anyone used the MS SMTP service on an IIS web server?
> Are there any
> > security risks associated with this if the server is
> sitting in a DMZ and
> > will be using this to send mail out to an external mail
> domain? Any help
> > here would be appreciated.
> >
> > MT
> >
>
>
> =====
> : __o
> : -\<,
> : 0/ 0
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with
> Yahoo! Messenger
> http://phonecard.yahoo.com/
>
- Previous message: Free, Bob: "RE: cached passwords"
- Maybe in reply to: Matthew.Tim@cantire.com: "Microsoft SMTP Service"
- Next in thread: Paul L Schmehl: "RE: Microsoft SMTP Service"
- Reply: Paul L Schmehl: "RE: Microsoft SMTP Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
