RE: Exchange SMTP Hole?
From: Chris Lynch (lynch00_at_cox.net)
Date: 11/11/03
- Previous message: Ted Quade: "Re: Exchange SMTP Hole?"
- Maybe in reply to: Tom Burns: "Exchange SMTP Hole?"
- Next in thread: Michele: "Re: Exchange SMTP Hole?"
To: "'Tom Burns'" <tburns@torcausa.com>, <focus-ms@securityfocus.com>
Date: Tue, 11 Nov 2003 10:30:02 -0800
Ok. Relaying can be turned off, but there is a checkmark box on the Relay
button under the Access tab on the properties of the SMTP Virtual Server.
In there, the checkmark box is at the bottom of the window. Its name is
"Allow all computers which successfully authenticate to relay, regardless of
the list above." This is checked by default. This would override whatever
the list contains. So, if anyone has either sniffed out a valid username or
password, or even guessed at a username/password combo, they could relay to
any domain even if they are not in the list of allowed computers to relay.
Chris
-----Original Message-----
From: Tom Burns [mailto:tburns@torcausa.com]
Sent: Tuesday, November 11, 2003 10:19 AM
To: lynch00@cox.net; focus-ms@securityfocus.com
Subject: RE: Exchange SMTP Hole?
Nope- relaying is turned off
-----Original Message-----
From: Chris Lynch [mailto:lynch00@cox.net]
Sent: Tuesday, November 11, 2003 1:20 PM
To: Tom Burns; focus-ms@securityfocus.com
Subject: RE: Exchange SMTP Hole?
Do you allow relaying if the connection is successfully authenticated? If
so, then maybe someone has sniffed out a valid username and password, and is
able to relay with this.
Chris
-----Original Message-----
From: Tom Burns [mailto:tburns@torcausa.com]
Sent: Tuesday, November 11, 2003 6:00 AM
To: focus-ms@securityfocus.com
Subject: Exchange SMTP Hole?
Good morning all,
I have an Exchange server that's been running for quite some time (over a
year) and had it locked down to prevent relay (spam). It is patched all the
way up to 3a.
I checked my queues yesterday and got slammed by spam relaying.
Is there a security hole that MS does not know about yet in SMTP?????
The only way I resolved this was to block connection from 219.x.x.x,
218.x.x.x, 211.x.x.x, etc.
This server has been tested against ORDB.ORG and shown to NOT be an open
relay.
If anyone has any suggestions, please let me know.
Thomas A. Burns
System Administrator
Torca Products Inc.
Auburn Hills, MI 48326
248-373-8300 x186
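Added example, not part of the original thread and not Exchange's own code: a simplified Python model of the relay decision described in the reply, comparing the default setting (authenticated clients relay regardless of the list) with the box unchecked. The class and function names, the `example.com` local domain and the sample sessions are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RelayPolicy:
    allowed_networks: list                    # the "list above" on the Relay dialog
    auth_overrides_list: bool = True          # the checkbox; checked by default per the post
    local_domains: tuple = ("example.com",)   # constructed local domain


@dataclass
class Session:
    client_ip: str
    authenticated: bool
    rcpt_domain: str


def decide(policy, s):
    """Return 'deliver', 'relay' or 'reject' for one recipient (simplified model)."""
    if s.rcpt_domain.lower() in policy.local_domains:
        return "deliver"                      # mail for our own domain is not relaying
    ip = ipaddress.ip_address(s.client_ip)
    if any(ip in ipaddress.ip_network(n) for n in policy.allowed_networks):
        return "relay"                        # client is on the allowed list
    if s.authenticated and policy.auth_overrides_list:
        return "relay"                        # the override: credentials beat the list
    return "reject"


def exposed_sessions(sessions, policy):
    """Sessions that relay only because of the authentication override."""
    strict = RelayPolicy(policy.allowed_networks, False, policy.local_domains)
    return [s for s in sessions
            if decide(policy, s) == "relay" and decide(strict, s) == "reject"]


# Constructed sample sessions (documentation and private address ranges).
DEFAULT = RelayPolicy(["10.0.0.0/24"])
SAMPLE = [
    Session("10.0.0.5", False, "example.net"),     # internal host on the list
    Session("203.0.113.7", True, "example.net"),   # outside the list, valid credentials
    Session("203.0.113.7", False, "example.net"),  # outside the list, no credentials
    Session("198.51.100.9", False, "example.com"), # inbound mail for the local domain
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(s, "->", decide(DEFAULT, s))
    print("relay only via auth override:", exposed_sessions(SAMPLE, DEFAULT))
```

In this model an open-relay test made without credentials still reports the server as closed, because only the authenticated session from outside the list is relayed.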