Re: Exchange SMTP Hole?
From: Gerald Eisenhaur (GEisenhaur_at_Eisenhaur.com)
Date: 11/11/03
Date: Tue, 11 Nov 2003 11:13:57 -0500 To: Tom Burns <tburns@torcausa.com>
Hello Tom,
What you're explaining sounds like an SMTP AUTH attack.
By default Exchange allows relaying for authorized users. So spammers
have started to brute force logins to relay spam.
Here are some articles that might help a bit:
http://www.winnetmag.com/MicrosoftExchangeOutlook/Article/ArticleID/40507/MicrosoftExchangeOutlook_40507.html
http://www.vamsoft.com/orf/authattack.asp
--Gerry
Tom Burns wrote:
| Good morning all,
|
| I have an Exchange server that's been running for quite some time (over
| a year) and had it locked down to prevent relay (spam). It is patched
| all the way up to 3a.
|
| I checked my queues yesterday and got slammed by spam relaying.
|
| Is there a security hole that MS does not know about yet in SMTP?????
|
| The only way I resolved this was to block connection from 219.x.x.x,
| 218.x.x.x, 211.x.x.x, etc.
|
| This server has been tested against ORDB.ORG and shown to NOT be an open
| relay.
|
| If anyone has any suggestions, please let me know.
|
|
| Thomas A. Burns
| System Administrator
| Torca Products Inc.
| Auburn Hills, MI 48326
| 248-373-8300 x186
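A log check for the pattern described in the reply above (repeated failed SMTP AUTH attempts, then a success, then mail to outside domains), added here as an example and not part of the original message. The log layout, `LOCAL_DOMAINS`, `FAIL_THRESHOLD` and all addresses are constructed assumptions; adapt the parsing to your server's actual SMTP log format.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server hosts
FAIL_THRESHOLD = 5               # assumption: tune to your environment

# Constructed sample in a simplified "time client-ip text" layout. This is
# NOT the real Exchange/IIS SMTP log format; adapt LINE to your own logs.
SAMPLE_LOG = "\n".join(
    ["03:10:01 203.0.113.50 535 5.7.3 Authentication unsuccessful"] * 6
    + ["03:10:09 203.0.113.50 235 2.7.0 Authentication successful",
       "03:10:10 203.0.113.50 MAIL FROM:<a@spam.invalid>",
       "03:10:10 203.0.113.50 RCPT TO:<victim1@other.invalid>",
       "03:10:10 203.0.113.50 RCPT TO:<victim2@other.invalid>",
       "09:00:01 198.51.100.7 535 5.7.3 Authentication unsuccessful",
       "09:00:05 198.51.100.7 235 2.7.0 Authentication successful",
       "09:00:06 198.51.100.7 RCPT TO:<partner@other.invalid>"]
    + ["11:00:00 192.0.2.9 535 5.7.3 Authentication unsuccessful"] * 5
)
LINE = re.compile(r"^(\S+) (\S+) (.*)$")
RCPT = re.compile(r"^RCPT TO:<[^@>]+@([^>]+)>", re.I)

def analyze(log_text, threshold=FAIL_THRESHOLD):
    """Return per-IP stats for clients with at least `threshold` AUTH failures."""
    stats = defaultdict(
        lambda: {"failures": 0, "cracked": False, "external_rcpts": 0})
    authed = set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, ip, text = m.groups()
        s = stats[ip]
        if text.startswith("535"):        # SMTP reply: credentials rejected
            s["failures"] += 1
        elif text.startswith("235"):      # SMTP reply: authentication succeeded
            authed.add(ip)
            # A success preceded by many failures suggests a guessed password.
            if s["failures"] >= threshold:
                s["cracked"] = True
        elif ip in authed:
            r = RCPT.match(text)
            if r and r.group(1).lower() not in LOCAL_DOMAINS:
                s["external_rcpts"] += 1  # authenticated relay to outside domain
    return {ip: s for ip, s in stats.items() if s["failures"] >= threshold}

if __name__ == "__main__":
    for ip, s in analyze(SAMPLE_LOG).items():
        print(ip, s)
```

An entry with `cracked` set points to an account whose password should be reset; entries with failures only are candidates for connection blocking or lockout tuning.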