Re: Does merely having the IIS software on a server increase risk?

From: x y (levinson_k@excite.com)
Date: 01/28/03


From: "x y" <levinson_k@excite.com>
Date: Tue, 28 Jan 2003 10:45:11 -0500

As far as I know there are some SMTP vulnerabilities that you would want to
be sure you are running the latest patches... and also uninstall any unused
components of IIS. The WWW and FTP components of IIS are very very
vulnerable to hacking if not secured properly. Things you should consider
doing generally to secure Windows and IIS [but not specifically addressing
the SMTP service] are here:

http://securityadmin.info/faq.htm#harden

"Thomas Dulaney" <spamfilter2003@yahoo.com> wrote in message
news:002201c2c635$835d95b0$d7f82ecf@TK2MSFTNGXA14...
> Hello,
>
> I need to have SMTP services on an application server. I
> don't need or want a web server on this machine, but I
> have to have IIS installed to get the SMTP service as I
> understand it. I have stopped the default web sites that
> are created by the install. Is there hackable entry to
> the server that I need to worry about even if the web
> services (and everything else except SMTP) is turned off?
>
> Are there significant danger of being hacked through the
> SMTP port? This server houses a mission critical database
> so we want the server as crash free (and hence hack free)
> as is reasonable.
>
> Any and all advice is appreciated!!
>
> --Tom



Relevant Pages

  • Re: Attaching a CSV file to an Outlook Express Email from Access
    ... Why your code has not worked is for any internet mail messaging, SMTP ... then code written for CDO in that machine will fail. ... use the SMTP service built in their programs. ... To use with Windows NT server, ...
    (microsoft.public.access.externaldata)
  • Re: smtp mail server on win 2003 sends mail to qmail servers is rejected
    ... There are several places in our website code where we send e-mail messages ... malformed message through the SMTP server. ... IIS 6, ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: IIS & Exchange: 2 x SMTP server?
    ... smtp could only be configured via Exchange ... I have no idea what happend on your Server. ... Back up the server before you reinstall IIS ...
    (microsoft.public.exchange.admin)
  • Re: IIS & Exchange: 2 x SMTP server?
    ... The Exchange Server Setup extends the IIS ... smtp could only be configured via Exchange ... I have no idea what happend on your Server. ...
    (microsoft.public.exchange.admin)
  • Filtering email on ISA
    ... Unless you choose to create a new IIS SMTP Virtual ... Server, ordinarily you will want to Server Publish ... directly to the Exchange SMTP, ...
    (microsoft.public.isa)