Re: Windows Server 2003 Service Pack 1

From: Bones (the.bones_at_gmail.com)
Date: 04/18/05

    Date: Mon, 18 Apr 2005 10:47:38 -0700
    To: focus-ms@securityfocus.com
    
    

    We upgraded this weekend and only found one (security related) anomaly so far.

    If you are familiar with Exchange Server 2003, we had several "virtual
    SMTP servers" set up on various ports for the various domains we
    manage. Inbound e-mail is configured to be accepted on TCP 25, but we
    have other SSL-wrapped SMTP connections on higher ports that our
    external employees use to drop off mail back to the organization
    securely. Example:

    mail.domain1.com running on TCP 25 (general inbound mail connection)
    mail.domain1.com running on TCP 2525 (SSL/TLS mail for domain1 clients)
    mail.domain2.com running on TCP 2526 (SSL/TLS mail for domain2 clients)
    mail.domain3.com running on TCP 2527 (SSL/TLS mail for domain3 clients)
    etc.

    Anyway, the high-port virtual SMTP servers no longer work. We have to
    have all users change their mail client config to route them through
    the general Internet inbound connection on TCP 25 (which cannot be
    wrapped in SSL for obvious reasons).

    So far M$ has no explanation. ;-/ It's a minor exposure, but not one
    we would like to have.

    Bones
