RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?

From: David Vincent (david.vincent@mightyoaks.com)
Date: 04/21/03

    From: David Vincent <david.vincent@mightyoaks.com>
    To: focus-ms@securityfocus.com
    Date: Mon, 21 Apr 2003 08:50:23 -0700
    
    

    on the subject of open relays, i started using
    http://www.abuse.net/relay.html to test my servers after a large increase in
    people trying to relay through us and failing. anyone have an idea how
    comprehensive their tests are? there's 17 of 'em.

    -d

    > -----Original Message-----
    > From: jmcguire@sbcs.com [mailto:jmcguire@sbcs.com]
    > Sent: April 18, 2003 11:49 AM
    > To: RPAmarante@directvla.com; Thor@HammerofGod.com; Jon.Kibler@aset.com;
    > focus-ms@securityfocus.com
    > Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open
    > Relays?
    >
    >
    > I have worked around Exchange SMTP relay by allowing relay for
    > authenticated users only. Since no one can authenticate it fails. Have
    > had problems with Exchange 5.5 and 2000 through different service packs
    > that when relaying appears to be turned off, it still functions.
    >
    >
    >
    > __________________________________________
    >
    > JOHN MCGUIRE CISSP, MCSE2k, MCSE+I
    >
    > Network Security Specialist
    >
    > 888.529.0401
    >
    > jmcguire@sbcs.com
    >
    > Strictly Business
    >
    > www.sbcs.com
    >
    >
    >
    > -----Original Message-----
    > From: Amarante, Rodrigo P. [mailto:RPAmarante@directvla.com]
    > Sent: Thursday, April 17, 2003 5:43 PM
    > To: Deus, Attonbitus; Jon R. Kibler; focus-ms@securityfocus.com
    > Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open
    > Relays?
    >
    >
    > Some people don't realize that there is also a connector configuration
    > that could allow relaying. In the properties for the SMTP Connector for
    > the routing group, in the address space tab there's a check box that
    > states: "Allow messages to be relayed to these domains"
    > Since this is a SMTP connector to the "world" (AKA Internet Mail
    > Service), the "these domains" that the check box refers to are basically
    > everything (*). The connector's setting overrides the SMTP Virtual
    > Server settings.... So if you don't want to relay, make sure the box is
    > not checked and that the SMTP Virtual Server is also not allowing
    > relaying.
    >
    > -----Original Message-----
    > From: Deus, Attonbitus [mailto:Thor@HammerofGod.com]
    > Sent: Thursday, April 17, 2003 3:22 PM
    > To: Jon R. Kibler; focus-ms@securityfocus.com
    >
    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > At 11:18 AM 4/17/2003, Jon R. Kibler wrote:
    > >Over the past few months, we have seen a significant and steady
    > >increase in the number of open relay MTAs that are running Microsoft
    > >Exchange. In every case where we have been able to talk to someone at
    > >the organization running the open relay, the universal comment is "Our
    > >network consultant just upgraded our mail system."
    > >
    > >Since we are not an Exchange user, Microsoft will not discuss the issue
    > >with us. However, we have been able to talk to a few "network
    > >consultants" and the problem appears to occur when an existing (and
    > >secure) version of Exchange is upgraded in-place on the same host. We
    > >have been told that the problem is occurring on upgrades of Exchange
    > >5.x to Exchange 2000, and Exchange 2000 to Exchange 2000 Service Pack
    > >3.
    > >
    > >Apparently, either of these two upgrades will cause a previously secure
    > >version of Exchange to become an open relay that must be manually
    > >closed.
    > >
    > >One person also told us that they were told that the "Exchange 2000
    > >Post-Service Pack 3 (SP3) Rollup Patch 6396.1" was supposed to fix
    > >the problem, but they had not tried to find and apply the patch,
    > >and did not know anyone who had used it.
    > >
    > >Does anyone have any specific details on this problem?
    >
    > I had the exact same thing happen some time ago when I applied SP3 to
    > one of my remote office Exchange Servers. I could not figure it out for
    > the life of me, and could not get any help from MS on it. What was most
    > strange is that the IP restrictions were in the config, but anyone could
    > still relay mail through. I just figured I was temporarily insane,
    > which these days is pretty common. I had to put the Exchange Server one
    > hop in, and use a mail gateway to restrict my traffic. Since that was
    > really the best way to do it anyway, I pretty much forgot about the
    > issue until I read your post. I'll check out the rollup patch (which is
    > not on that machine now) and see what happens.
    >
    > T
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 8.0
    >
    > iQA/AwUBPp7+4YhsmyD15h5gEQL1YACg1LXflZ7+sGVok1n5kpqqzkpLe2AAnip/
    > SctU03KvRfsmPfY3vEG4iMJe
    > =JS3w
    > -----END PGP SIGNATURE-----
    >

    -----------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
    world's premier event for IT and network security experts. The two-day
    Training features 6 hand-on courses on May 12-13 taught by professionals.
    The two-day Briefings on May 14-15 features 24 top speakers with no vendor
    sales pitches. Deadline for the best rates is April 25. Register today to
    ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
    ------------------------------------------------------------------------------
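
Added example, not part of the original thread: several posters report Exchange relaying mail even though the configuration looked locked down, so the reliable check is to observe how the server answers `RCPT TO` from outside. The sketch below does that against a server you administer using Python's `smtplib`; the function names, the test cases and the `example.*` addresses are assumptions made for illustration.

```python
import smtplib

# Constructed test cases (assumptions): none of these domains is hosted on the
# server under test. Replace your-domain.example with a domain the server owns.
CASES = [
    ("external sender, external recipient", "probe@example.org", "sink@example.net"),
    ("local-looking sender, external recipient", "user@your-domain.example", "sink@example.net"),
]

def classify(code):
    """Map an SMTP reply code to a relay verdict."""
    if 200 <= code < 300:
        return "ACCEPTED"   # server agreed to forward: relay is open for this case
    if 400 <= code < 500:
        return "DEFERRED"   # temporary failure: inconclusive, retest later
    return "REFUSED"        # 5xx: relaying denied

def probe(smtp, sender, recipient):
    """Issue MAIL FROM and RCPT TO on an open session, then RSET so nothing is sent."""
    smtp.ehlo_or_helo_if_needed()
    code, _ = smtp.mail(sender)
    if not 200 <= code < 300:
        smtp.rset()
        return classify(code)
    code, _ = smtp.rcpt(recipient)
    smtp.rset()
    return classify(code)

def check_host(host, port=25, cases=CASES):
    """Run every case against one server; call this from outside its trusted IP range."""
    results = {}
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        for name, sender, recipient in cases:
            results[name] = probe(smtp, sender, recipient)
    return results

def is_open_relay(results):
    """True if any case was accepted for forwarding."""
    return any(verdict == "ACCEPTED" for verdict in results.values())
```

Run `check_host()` after every service pack or in-place upgrade, and again after changing the connector or virtual server relay settings. An accepted `RCPT TO` shows only that the server took the recipient; some servers accept and later bounce or discard, so confirm against the outbound queue.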

