Re: Windows Server 2003 Service Pack 1

From: Bones (the.bones_at_gmail.com)
Date: 04/18/05

  • Next message: mitm: "Re: using certificates in Outlook for encryption"
    Date: Mon, 18 Apr 2005 10:47:38 -0700
    To: focus-ms@securityfocus.com
    
    

    We upgraded this weekend and only found one (security related) anomaly so far.

    If you are familiar with Exchange Server 2003, we had several "virtual
    SMTP servers" setup on various ports for the various domains we
    manage. Inbound e-mail is configured to be accepted in TCP25, but we
    have other SSL wrapped SMTP connections on higher ports that our
    external employees use to drop off mail back to the organization
    securely. Example:

    mail.domain1.com running on TCP 25 (general inbound mail connection)
    mail.domain1.com running on TCP 2525 (SSL/TLS mail for domain1 clients)
    mail.domain2.com running on TCP 2526 (SSL/TLS mail for domain2 clients)
    mail.domain3.com running on TCP 2527 (SSL/TLS mail for domain3 clients)
    etc.

    Anyway, the high-port virtual SMTP servers no longer work. We have to
    have all users change their mail client config to route them through
    the general Internet inbound connection on TCP25 (which cannot be
    wrapped in SSL for obvious reasons).

    So far M$ has no explanation. ;-/ It's a minor exposure, but not one
    we would like to have.

    Bones

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: mitm: "Re: using certificates in Outlook for encryption"