Re: Windows Server 2003 Service Pack 1
From: Bones (the.bones_at_gmail.com)
Date: 04/18/05
- Previous message: Justin Roysdon: "Fw: Re: using certificates in Outlook for encryption"
- Maybe in reply to: Thaddeus McNamara: "Windows Server 2003 Service Pack 1"
- Next in thread: Ronald Balk: "RE: Windows Server 2003 Service Pack 1"
Date: Mon, 18 Apr 2005 10:47:38 -0700
To: focus-ms@securityfocus.com
We upgraded this weekend and only found one (security-related) anomaly so far.
If you are familiar with Exchange Server 2003, we had several "virtual
SMTP servers" set up on various ports for the various domains we
manage. Inbound e-mail is configured to be accepted on TCP 25, but we
have other SSL wrapped SMTP connections on higher ports that our
external employees use to drop off mail back to the organization
securely. Example:
mail.domain1.com running on TCP 25 (general inbound mail connection)
mail.domain1.com running on TCP 2525 (SSL/TLS mail for domain1 clients)
mail.domain2.com running on TCP 2526 (SSL/TLS mail for domain2 clients)
mail.domain3.com running on TCP 2527 (SSL/TLS mail for domain3 clients)
etc.
Anyway, the high-port virtual SMTP servers no longer work. We have to
have all users change their mail client config to route them through
the general Internet inbound connection on TCP 25 (which cannot be
wrapped in SSL for obvious reasons).
So far M$ has no explanation. ;-/ It's a minor exposure, but not one
we would like to have.
Bones
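
A post-upgrade check for the listener layout described in the message, as an added example that is not part of the original post: it confirms each port still accepts TCP connections and, for the SSL-wrapped ports, that a TLS handshake completes. It assumes the high ports use implicit TLS (handshake immediately on connect) and PowerShell 5 or later; the function name is hypothetical and the host names are the poster's placeholders.

```powershell
# Added example. Hosts and ports are the placeholders from the message above.
$listeners = @(
    @{ Host = 'mail.domain1.com'; Port = 25;   ExpectTls = $false },
    @{ Host = 'mail.domain1.com'; Port = 2525; ExpectTls = $true  },
    @{ Host = 'mail.domain2.com'; Port = 2526; ExpectTls = $true  },
    @{ Host = 'mail.domain3.com'; Port = 2527; ExpectTls = $true  }
)

function Test-SmtpListener {   # hypothetical helper name
    param([string]$HostName, [int]$Port, [bool]$ExpectTls, [int]$TimeoutMs = 5000)

    $result = [pscustomobject]@{
        Host = $HostName; Port = $Port; TcpOpen = $false
        TlsOk = $null; Protocol = $null; Detail = ''
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    $client.ReceiveTimeout = $TimeoutMs   # bounds the handshake reads below
    try {
        # Bounded connect so a filtered port does not stall the whole run.
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $result.Detail = 'connect timed out'
            return $result
        }
        $client.EndConnect($async)
        $result.TcpOpen = $true

        if ($ExpectTls) {
            # Assumption: implicit TLS. Default validation checks the
            # certificate chain and that it matches $HostName.
            $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
            $ssl.AuthenticateAsClient($HostName)
            $result.TlsOk = $true
            $result.Protocol = $ssl.SslProtocol
            $ssl.Dispose()
        }
    } catch {
        # A failure after the TCP connect means the listener is up but not
        # speaking TLS as expected (or presented an untrusted certificate).
        if ($result.TcpOpen) { $result.TlsOk = $false }
        $result.Detail = $_.Exception.Message
    } finally {
        $client.Close()
    }
    $result
}

$listeners | ForEach-Object {
    Test-SmtpListener -HostName $_.Host -Port $_.Port -ExpectTls $_.ExpectTls
} | Format-Table -AutoSize
```

Running it before and after a service pack gives a direct comparison: a row with TcpOpen false is a listener that stopped accepting connections, while TcpOpen true with TlsOk false is a port that answers but no longer completes the handshake.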