RE: SMTP Service in private DMZ OK?
From: Sarbjit Singh Gill (ssgill_at_gilltechnologies.com)
Date: 01/30/04
- Previous message: Dominique Hoffman: "terminal server"
- In reply to: Random Task: "Re: SMTP Service in private DMZ OK?"
- Next in thread: Jolyon Wharton: "RE: SMTP Service in private DMZ OK?"
To: "'Random Task'" <rand0m_t4sk@yahoo.com>, <mlyman-security@comcast.net>, <focus-ms@securityfocus.com>
Date: Fri, 30 Jan 2004 11:15:23 +0800
You could fix this in Exchange 2003 with recipient filtering.
It is a method that can be used for reducing unsolicited commercial e-mail
by filtering inbound e-mail based on the recipient. You can filter e-mail
that is addressed to users who are not found in the Microsoft Active
Directory® directory service, or to whom the sender does not have
permissions to send e-mail to. Then any incoming e-mail that matches this
criterion is rejected at the protocol level by Exchange returning a 550
error during the SMTP session. You can also use recipient filtering to
filter messages that are sent to a number of well-defined recipients, such
as root@domain and inet@domain, which is an indicative practice of
unsolicited commercial e-mail.
/Gill
-----Original Message-----
From: Random Task [mailto:rand0m_t4sk@yahoo.com]
Sent: Wednesday, January 28, 2004 6:42 AM
To: mlyman-security@comcast.net; focus-ms@securityfocus.com
Subject: Re: SMTP Service in private DMZ OK?
--- Mike Lyman <mlyman-security@comcast.net> wrote:
> If you are talking about Windows 2000 and beyond, it's locked down
> against relaying by default.
One issue I've found but not resolved yet is the ability to relay mail to
users in a domain by using a fake email address in that domain as the From:
address. Example:
>> nc mail.domain.com 25
220 mail.domain.com ready
helo
250 mail.domain.com Hello [1.2.3.4]
mail from: fake-user@domain.com
220 2.1.0 fake-user@domain.com....Sender OK
rcpt to: real-user@domain.com
220 2.1.5 real-user@domain.com
354 Start mail input; end with <CRLF>.<CRLF>
subject: blah
message
message
.
250 2.6.0 <msgid stuff> Queued mail for delivery
This message went through even though that user didn't exist. This could
allow an attacker to perform some social engineering of some sort, whether
it's through URL redirection, reply-to address, or whatever. Has anyone seen
a way to prevent this behavior in Exchange 2000/2003? GroupWise?
Thanks.
rt
(I can respond on my real work address if you like, just request it.)
---------------------------------------------------------------------------
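A standalone model of the RCPT-time recipient filtering described in the reply above, added here as an example; it is not code from the thread and not Exchange's implementation. The directory contents, the reply texts and the optional sender check (which goes beyond the recipient filter) are assumptions.

```python
import re

# Constructed sample data (assumptions, not taken from a real directory).
LOCAL_DOMAIN = "domain.com"
DIRECTORY = {"real-user@domain.com", "postmaster@domain.com"}
FILTERED = {"root@domain.com", "inet@domain.com"}  # well-known spam targets

_PATH = re.compile(r"^(?:mail from|rcpt to):\s*<?([^<>\s]*)>?\s*$", re.I)


def mailbox(line):
    """Extract the lower-cased address from a MAIL FROM / RCPT TO line."""
    m = _PATH.match(line.strip())
    return m.group(1).lower() if m else ""


def check_rcpt(addr):
    """Recipient filter: answer RCPT TO before any message data is accepted."""
    if not addr.endswith("@" + LOCAL_DOMAIN):
        return "550 5.7.1 Unable to relay"
    if addr in FILTERED or addr not in DIRECTORY:
        return "550 5.1.1 User unknown"
    return "250 2.1.5 " + addr


def check_mail_from(addr, authenticated=False):
    """Sender check: refuse an unauthenticated client that claims a local
    address missing from the directory. The empty (bounce) sender passes."""
    local = addr.endswith("@" + LOCAL_DOMAIN)
    if local and not authenticated and addr not in DIRECTORY:
        return "550 5.7.1 Sender rejected"
    return "250 2.1.0 " + addr + "....Sender OK"


def run_session(lines, sender_check=False):
    """Return the reply to each MAIL FROM / RCPT TO line of one session."""
    replies, mail_ok = [], False
    for line in lines:
        verb = line.strip().lower()
        if verb.startswith("mail from:"):
            addr = mailbox(line)
            reply = (check_mail_from(addr) if sender_check
                     else "250 2.1.0 " + addr + "....Sender OK")
            mail_ok = reply.startswith("250")
            replies.append(reply)
        elif verb.startswith("rcpt to:"):
            replies.append(check_rcpt(mailbox(line)) if mail_ok
                           else "503 5.5.1 Need MAIL command first")
    return replies
```

Run against the session quoted in the thread, the recipient filter alone accepts both commands because real-user@domain.com is in the directory; only the separate sender check refuses fake-user@domain.com.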