RE: SMTP Service in private DMZ OK?

From: Lawrence Brownlee (lbrownlee_at_mbnlaw.com)
Date: 01/30/04

    Date: Fri, 30 Jan 2004 15:25:31 -0500
    To: "Steve Evans" <sevans@foundation.sdsu.edu>, <focus-ms@securityfocus.com>
    
    

    My gripe about it accepting mail for non-existent users is that it has to
    process the message anyway. The MS KnowledgeBase says there is no way to
    stop an undeliverable message from being processed. What if a malicious
    message comes in that is not caught by AV scanners and it is sent to a
    non-existent user? It still has to process this rogue message all the way
    through the queue. Rebooting the server does not stop it, it just has to run
    its course. In my opinion, if the user doesn't exist, then bounce it
    immediately and don't waste time. I would rather reject the message and let
    the spammers go down their list, instead of wasting time processing the
    message that is going to bounce anyway.

    This is where open-source is a great candidate for protecting Exchange IMHO.


    //Lawrence Brownlee
    //Minor, Bell, and, Neal P.C.



    ##-----Original Message-----
    ##From: Steve Evans [mailto:sevans@foundation.sdsu.edu]
    ##Sent: Thursday, January 29, 2004 6:16 PM
    ##To: focus-ms@securityfocus.com
    ##Subject: RE: SMTP Service in private DMZ OK?
    ##
    ##
    ##Who is "that user" that you refer to?
    ##
    ##If you're talking about the mail from: address then so what?
    ##
    ##If you're talking about the rcpt to: address then so what?
    ##Would you prefer that the SMTP service reject that address
    ##right then and there, making it even easier to find out what
    ##a valid address is?
    ##
    ##I've got to be missing something.
    ##
    ##
    ##Steve Evans
    ##SDSU Foundation
    ##
    ##-----Original Message-----
    ##From: Random Task [mailto:rand0m_t4sk@yahoo.com]
    ##Sent: Tuesday, January 27, 2004 2:42 PM
    ##To: mlyman-security@comcast.net; focus-ms@securityfocus.com
    ##Subject: Re: SMTP Service in private DMZ OK?
    ##
    ##
    ##--- Mike Lyman <mlyman-security@comcast.net> wrote:
    ##> If you are talking about Windows 2000 and beyond, it's locked down
    ##> against relaying by default.
    ##
    ##One issue I've found but not resolved yet is the ability to
    ##relay mail to users in a domain by using a fake email address
    ##in that domain as the
    ##From: address. Example:
    ##
    ##>> nc mail.domain.com 25
    ##220 mail.domain.com ready
    ##helo
    ##250 mail.domain.com Hello [1.2.3.4]
    ##mail from: fake-user@domain.com
    ##220 2.1.0 fake-user@domain.com....Sender OK
    ##rcpt to: real-user@domain.com
    ##220 2.1.5 real-user@domain.com
    ##354 Start mail input; end with <CRLF>.<CRLF>
    ##subject: blah
    ##message
    ##message
    ##.
    ##250 2.6.0 <msgid stuff> Queued mail for delivery
    ##
    ##
    ##This message went through even though that user didn't exist.
    ##This could allow an attacker to perform some social
    ##engineering of some sort, whether it's through URL
    ##redirection, reply-to address, or whatever. Has anyone seen a
    ##way to prevent this behavior in Exchange 2000/2003? GroupWise?
    ##
    ##Thanks.
    ##rt
    ##(I can respond on my real work address if you like, just request it.)
    ##


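The RCPT-time rejection argued for in the message above, combined with a per-connection cap on unknown recipients to answer the address-discovery objection in the quoted reply, as an added Python example that is not part of the original thread. The user list, the limit of 3 and the reply texts are assumptions; the sender check only stops non-existent local senders such as the thread's fake-user@domain.com, not a forged address of a real user.

```python
# Added example: SMTP-time sender/recipient checks for a gateway in front of Exchange.
from dataclasses import dataclass

LOCAL_DOMAIN = "domain.com"               # placeholder domain from the thread
VALID_USERS = {"real-user@domain.com"}    # constructed; normally exported from the directory
MAX_BAD_RCPT = 3                          # assumed per-connection limit on unknown recipients


@dataclass
class Session:
    authenticated: bool = False
    sender_ok: bool = False
    bad_rcpt: int = 0


def is_local(addr: str) -> bool:
    return addr.rpartition("@")[2] == LOCAL_DOMAIN


def mail_from(s: Session, sender: str) -> str:
    """Refuse an unauthenticated client that claims a non-existent local sender."""
    sender = sender.strip().lower()
    s.sender_ok = not (is_local(sender) and not s.authenticated
                       and sender not in VALID_USERS)
    if not s.sender_ok:
        return "550 5.1.0 Sender address rejected: unknown local user"
    return "250 2.1.0 Sender OK"


def rcpt_to(s: Session, rcpt: str) -> str:
    """Answer at RCPT time, so nothing undeliverable is queued and bounced later."""
    rcpt = rcpt.strip().lower()
    if not s.sender_ok:
        return "503 5.5.1 Need an accepted MAIL FROM first"
    if s.bad_rcpt >= MAX_BAD_RCPT:
        # Throttle address guessing: stop answering once the limit is reached.
        return "421 4.7.0 Too many unknown recipients"
    if not is_local(rcpt):
        return "250 2.1.5 Recipient OK" if s.authenticated else "554 5.7.1 Relay access denied"
    if rcpt not in VALID_USERS:
        s.bad_rcpt += 1
        return "550 5.1.1 User unknown"
    return "250 2.1.5 Recipient OK"
```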
