RE: Microsoft SMTP Service
From: Paul L Schmehl (pauls@utdallas.edu)
Date: 07/26/01
Date: Thu, 26 Jul 2001 15:41:27 -0500
From: Paul L Schmehl <pauls@utdallas.edu>
To: Michael van Zwieten <MvanZwieten@flcities.com>, 'Rich Wilson' <wk633@yahoo.com>, Matthew.Tim@cantire.com, focus-ms@securityfocus.com
Subject: RE: Microsoft SMTP Service
Message-ID: <4024641956.996162087@baldeagle.campus.ad.utdallas.edu>

There are a number of tricks used to bypass relay restrictions. You should
test them all. An easy way to do this is to use the relay tester at
http://www.mail-abuse.org/tsi/ar-test.html
--On Thursday, July 26, 2001 8:01 AM -0400 Michael van Zwieten
<MvanZwieten@flcities.com> wrote:
> Rich & Tim...
>
> I just recently implemented IIS using its little virtual SMTP server, and
> things appear to be relay-safe. Since SMTP is basically only being used
> in-house directly from code on the webserver, and sending outwards, I set
> security so that it uses integrated NT authentication... When you attempt
> to relay from the outside, following these steps:
>
> telnet <smtp ip> 25
> HELO me
> MAIL FROM: bogusaddress@domain.com
>
> ... right there, it'll kick back a response saying access denied...
>
> Looks pretty safe to me, but I think I'm still applying that relay patch
> they issued recently! :)
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-037.asp
>
> Take care,
> Mike
> -----
> Michael J. van Zwieten, MCSE
> IS Department
> (407) 835-3471 x162
> Florida League of Cities
> Orlando, Florida
>
>
>
>> -----Original Message-----
>> From: Rich Wilson [mailto:wk633@yahoo.com]
>> Sent: Wednesday, July 25, 2001 18:45
>> To: Matthew.Tim@cantire.com; focus-ms@securityfocus.com
>> Subject: Re: Microsoft SMTP Service
>>
>>
>> In SMTP properties, Access, Connection, restrict access to
>> specific IPs.
>> Configure your firewalls to only allow outbound SMTP
>> (that is, internal->DMZ->external, not the other direction)
>>
>> You should be safe to let SMTP out. Certainly letting your
>> web server relay
>> SMTP, as long as it only goes in one direction, is safer than
>> the HTTP server
>> part of its job. Between your external firewall filtering, and access
>> restriction on the Web server/mail relay, you should be safe
>> from external
>> connections. Your internal firewall should keep you safe
>> from a compromised
>> Web server/mail relay being a jump point to your internal network.
>>
>> I'm pretty sure that IIS SMTP service uses TCP for DNS (NOT
>> UDP). At least,
>> that's what the Admin at my workplace says. If you use external,
>> as opposed to DMZ
>> DNS servers, you may need to let your web server make
>> outbound TCP DNS queries.
>> That shouldn't be a big risk either.
>>
>>
>> --- Matthew.Tim@cantire.com wrote:
>> > Hello all,
>> >
>> > Has anyone used the MS SMTP service on an IIS web server?
>> Are there any
>> > security risks associated with this if the server is
>> sitting in a DMZ and
>> > will be using this to send mail out to an external mail
>> domain? Any help
>> > here would be appreciated.
>> >
>> > MT
>> >
>>
>>
>> =====
>> : __o
>> : -\<,
>> : 0/ 0
>>
>>
Paul L. Schmehl, pauls@utdallas.edu
http://www.utdallas.edu/~pauls/
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member
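
Mike's manual telnet check, scripted for running against a server you administer, as an added example that is not part of the original thread. It covers only the plain unauthenticated case from his steps, not the other relay-bypass forms Paul refers to; `check_relay`, its `smtp_factory` parameter and the default recipient are assumptions of this example.

```python
import smtplib
import sys


def check_relay(host, sender, rcpt, port=25, smtp_factory=smtplib.SMTP):
    """Replay the unauthenticated HELO / MAIL FROM / RCPT TO sequence and
    report the first stage the server refuses. DATA is never sent, so no
    message leaves the server under test.

    smtp_factory is a hypothetical hook of this example so the check can
    be exercised against a stand-in instead of a live server."""
    conn = smtp_factory(host, port, timeout=10)
    result = {"relay_accepted": True, "refused_at": None, "code": None, "reply": ""}
    try:
        stages = (
            ("HELO", lambda: conn.helo("me")),
            ("MAIL FROM", lambda: conn.mail(sender)),
            ("RCPT TO", lambda: conn.rcpt(rcpt)),
        )
        for stage, send in stages:
            code, reply = send()
            result["code"] = code
            result["reply"] = reply.decode("ascii", errors="replace")
            if code >= 400:  # 4xx = temporary refusal, 5xx = permanent refusal
                result["relay_accepted"] = False
                result["refused_at"] = stage
                break
    finally:
        try:
            conn.rset()  # drop the half-built envelope
            conn.quit()
        except (smtplib.SMTPException, OSError):
            pass  # server already closed the connection
    return result


if __name__ == "__main__":
    # Usage: relaycheck.py <your-smtp-ip> [outside-recipient]
    # The default recipient is a constructed placeholder in a reserved domain.
    target = sys.argv[1]
    outside_rcpt = sys.argv[2] if len(sys.argv) > 2 else "postmaster@example.net"
    verdict = check_relay(target, "bogusaddress@domain.com", outside_rcpt)
    if verdict["relay_accepted"]:
        print("RCPT TO accepted for an outside domain without auth: review relay settings")
    else:
        print("refused at %(refused_at)s: %(code)s %(reply)s" % verdict)
    sys.exit(1 if verdict["relay_accepted"] else 0)
```

Run it from a host outside the network, since the server's answer depends on where the connection comes from. An accepted RCPT TO is a prompt to review the relay settings, not proof of delivery.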