Does In-Place Upgrade of Microsoft Exchange Create Open Relays?
From: Jon R. Kibler (Jon.Kibler@aset.com)
Date: 04/17/03
- Previous message: dataclaus1@hushmail.com: "user level access problems: from CD"
- Next in thread: Deus, Attonbitus: "Re: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?"
- Reply: Deus, Attonbitus: "Re: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 17 Apr 2003 14:18:18 -0400 From: "Jon R. Kibler" <Jon.Kibler@aset.com> To: focus-ms@securityfocus.com
Over the past few months, we have seen a significant and steady increase in the number of open relay MTAs that are running Microsoft Exchange. In every case where we have been able to talk to someone at the organization running the open relay, the universal comment is "Our network consultant just upgraded our mail system."
Since we are not an Exchange user, Microsoft will not discuss the issue with us. However, we have been able to talk to a few "network consultants" and the problem appears to occur when an existing (and secure) version of Exchange is upgraded in-place on the same host. We have been told that the problem is occurring on upgrades of Exchange 5.x to Exchange 2000, and Exchange 2000 to Exchange 2000 Service Pack 3.
Apparently, either of these two upgrades will cause a previously secure version of Exchange to become an open relay that must be manually closed.
One person also told us that they were told that the "Exchange 2000 Post-Service Pack 3 (SP3) Rollup Patch 6396.1" was supposed to fix the problem, but they had not tried to find and apply the patch ,and did not know anyone who had used it.
Does anyone have any specific details on this problem?
Thanks in advance!
Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC USA
-----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------------
- Previous message: dataclaus1@hushmail.com: "user level access problems: from CD"
- Next in thread: Deus, Attonbitus: "Re: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?"
- Reply: Deus, Attonbitus: "Re: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
