RE: SMTP Service in private DMZ OK?
From: Lawrence Brownlee (lbrownlee_at_mbnlaw.com)
Date: 01/30/04
- Previous message: Steve Evans: "RE: SMTP Service in private DMZ OK?"
- Maybe in reply to: A. Bluecoat: "SMTP Service in private DMZ OK?"
- Next in thread: Kevin E. Casey: "RE: SMTP Service in private DMZ OK?"
Date: Fri, 30 Jan 2004 15:25:31 -0500
To: "Steve Evans" <sevans@foundation.sdsu.edu>, <focus-ms@securityfocus.com>
My gripe about it accepting mail for non-existent users is that it has to
process the message anyway. The MS KnowledgeBase says there is no way to
stop an undeliverable message from being processed. What if a malicious
message comes in that is not caught by AV scanners and it is sent to a
non-existent user? It still has to process this rogue message all the way
through the queue. Rebooting the server does not stop it, it just has to run
its course. In my opinion, if the user doesn't exist, then bounce it
immediately and don't waste time. I would rather reject the message and let
the spammers go down their list, instead of wasting time processing the
message that is going to bounce anyway.
This is where open-source is a great candidate for protecting Exchange IMHO.
//Lawrence Brownlee
//Minor, Bell, and, Neal P.C.
##-----Original Message-----
##From: Steve Evans [mailto:sevans@foundation.sdsu.edu]
##Sent: Thursday, January 29, 2004 6:16 PM
##To: focus-ms@securityfocus.com
##Subject: RE: SMTP Service in private DMZ OK?
##
##
##Who is "that user" that you refer to?
##
##If you're talking about the mail from: address then so what?
##
##If you're talking about the rcpt to: address then so what?
##Would you prefer that the SMTP service reject that address
##right then and there, making it even easier to find out what
##a valid address is?
##
##I've got to be missing something.
##
##
##Steve Evans
##SDSU Foundation
##
##-----Original Message-----
##From: Random Task [mailto:rand0m_t4sk@yahoo.com]
##Sent: Tuesday, January 27, 2004 2:42 PM
##To: mlyman-security@comcast.net; focus-ms@securityfocus.com
##Subject: Re: SMTP Service in private DMZ OK?
##
##
##--- Mike Lyman <mlyman-security@comcast.net> wrote:
##> If you are talking about Windows 2000 and beyond, it's locked down
##> against relaying by default.
##
##One issue I've found but not resolved yet is the ability to
##relay mail to users in a domain by using a fake email address
##in that domain as the
##From: address. Example:
##
##>> nc mail.domain.com 25
##220 mail.domain.com ready
##helo
##250 mail.domain.com Hello [1.2.3.4]
##mail from: fake-user@domain.com
##220 2.1.0 fake-user@domain.com....Sender OK
##rcpt to: real-user@domain.com
##220 2.1.5 real-user@domain.com
##354 Start mail input; end with <CRLF>.<CRLF>
##subject: blah
##message
##message
##.
##250 2.6.0 <msgid stuff> Queued mail for delivery
##
##
##This message went through even though that user didn't exist.
##This could allow an attacker to perform some social
##engineering of some sort, whether it's through URL
##redirection, reply-to address, or whatever. Has anyone seen a
##way to prevent this behavior in Exchange 2000/2003? GroupWise?
##
##Thanks.
##rt
##(I can respond on my real work address if you like, just request it.)
##
Confidentiality Note:
This e-mail is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, is prohibited. If you have received this e-mail in error, please call the Administrator of Minor, Bell & Neal, P.C. at 706-259-2586 and destroy the original message and all copies.
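The trade-off argued in this thread (reject unknown addresses at envelope time versus giving an address-validity oracle to anyone walking a list) can be handled in a front-end SMTP gateway. The sketch below is an added example, not code from any poster and not how Exchange behaves: it refuses unknown local senders and recipients before DATA, and stops answering a client after a few misses. `EnvelopePolicy`, `replay`, the `DIRECTORY` set and the `MAX_UNKNOWN` threshold are hypothetical names and values chosen for illustration.

```python
from collections import defaultdict

LOCAL_DOMAIN = "domain.com"            # domain used in the thread's transcript
DIRECTORY = {"real-user@domain.com"}   # constructed sample of valid mailboxes
MAX_UNKNOWN = 3                        # assumed per-client limit on misses


def _norm(addr):
    """Strip angle brackets and whitespace, compare case-insensitively."""
    return addr.strip().strip("<>").lower()


class EnvelopePolicy:
    """Decides SMTP replies at envelope time, before DATA is accepted."""

    def __init__(self, directory=DIRECTORY, max_unknown=MAX_UNKNOWN):
        self.directory = {_norm(a) for a in directory}
        self.max_unknown = max_unknown
        self.misses = defaultdict(int)  # client IP -> unknown recipients seen

    def mail_from(self, sender):
        s = _norm(sender)
        # A sender claiming the local domain must be a mailbox we know about.
        # The null sender "<>" used for bounces normalizes to "" and passes.
        if s.endswith("@" + LOCAL_DOMAIN) and s not in self.directory:
            return 550, "5.7.1 Sender address rejected"
        return 250, "2.1.0 Sender OK"

    def rcpt_to(self, client_ip, rcpt):
        # After too many misses, stop confirming or denying anything, so the
        # immediate 550 cannot be used to enumerate the whole directory.
        if self.misses[client_ip] >= self.max_unknown:
            return 421, "4.7.0 Too many unknown recipients"
        if _norm(rcpt) in self.directory:
            return 250, "2.1.5 Recipient OK"
        self.misses[client_ip] += 1
        return 550, "5.1.1 User unknown"


def replay(policy, client_ip, recipients):
    """Feed RCPT TO addresses from one client; return the reply codes."""
    return [policy.rcpt_to(client_ip, r)[0] for r in recipients]


if __name__ == "__main__":
    p = EnvelopePolicy()
    print(p.mail_from("fake-user@domain.com"))
    guesses = ["a@domain.com", "b@domain.com", "c@domain.com",
               "real-user@domain.com"]
    print(replay(p, "1.2.3.4", guesses))
```

Because the message is refused at RCPT TO, nothing is queued for a non-existent user, and the per-client counter limits how much a sender can learn from the rejections.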