RE: SMTP Service in private DMZ OK?

From: Jolyon Wharton (j-wharton_at_epyx.co.uk)
Date: 01/15/04

  • Next message: Thomas Kerbl: "Disable NTLM on W2k"
    Date: Thu, 15 Jan 2004 10:05:38 -0000
    To: "A. Bluecoat" <abluecoat@hotmail.com>, <focus-ms@securityfocus.com>
    
    

    Hello,

    You really need to ensure that it does not become an open relay. Are
    you going to use IIS to do this job? If so then within the SMTP server
    properties -> Relay Restriction setting un tick the option 'Allow all
    computers which successfully athenticate to relay, regardless of the
    list above'. It also an idea to allow it only to relay through
    127.0.0.1. If you have any doubts about relaying then you can check you
    relay host using http://www.ordb.org/

    Regards
    Jolyon Wharton
    Software Development Executive

    -----Original Message-----
    From: A. Bluecoat [mailto:abluecoat@hotmail.com]
    Sent: 13 January 2004 23:14
    To: focus-ms@securityfocus.com
    Subject: SMTP Service in private DMZ OK?

    Hi all,

    What kind of trouble can I get into by installing the SMTP service on a
    W2K
    server in a private DMZ (double hop DMZ)? It'll be used for a web app.
    Can
    it be used as a relay? Is there some way to secure it? The box is
    already
    hardened to live in a DMZ. Thanks for any info.

    _________________________________________________________________
    Get a FREE online virus check for your PC here, from McAfee.
    http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ********************************************************************************************
    This e-mail, including any files transmitted with it, is confidential and intended solely for the individuals to whom it is addressed.
    If you have received this e-mail in error, then please notify the epyx Product Support Team on 08700 11 88 00.
    Although all incoming and outgoing messages are scanned for viruses, epyx Limited (including it's subsidiaries and divisions) will not be held responsible for any damage caused either directly or indirectly from this e-mail or any of it's attachments. 
    Any views expressed in this e-mail are those of the sender and not necessarily that of epyx Limited (including it's subsidiaries and divisions). 
    epyx Limited.
    ********************************************************************************************
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Thomas Kerbl: "Disable NTLM on W2k"

    Relevant Pages

    • Re: SMTP "Relay Denied" on localhost! (windows server 2003)
      ... to relay through the IIS SMTP Service. ... On the Access tab, click the Relay button. ... Dim bodyMSG As String ... on my local machine (using the integrated web server of Visual ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Exchange question
      ... >One thing that was brought up is that NDR's can be used to relay (the ... >Anyone setup a double SMTP setup in there network? ... spammer using the NDR to deliver the message, the email body is in the form ... however, one is only using the SMTP service, and you ...
      (Focus-Microsoft)
    • Re: Store.exe taking 100% CPU usage:Urgent
      ... I tried stopping the smtp service .And my cpu usage became ... normal .However the setting of relay is okay.Can u suggest ... Bacic authenication is checked ...
      (microsoft.public.exchange2000.information.store)
    • Re: Relaying denied after changing gateway ip
      ... Exchange server to relay SMTP through? ... I will lay odds that you have a relay configuration on your Exchange ... Make sure you stop/start the smtp service afterwards. ...
      (microsoft.public.exchange2000.admin)
    • Re: E-mail help(That helped)
      ... > valid credentials to logon to the SMTP service, so it will be denied to ... > to allow a specific IP (the IP of the machine running the application) to ... > allowed to relay. ... >> I have an asp.net web application that should send password reminder for ...
      (microsoft.public.windows.server.general)