|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?
From: Amarante, Rodrigo P. (RPAmarante
directvla.com)
Date: Thu Apr 17 2003 - 16:42:46 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Some people don't realize that there are also a connector configuration
that could allow relaying. In the properties for the SMTP Connector for
the routing group, in the address space tab there's a check box that
states: "Allow messages to be relayed to these domains"
Since this is a SMTP connector to the "world" (AKA Internet Mail
Service), the "these domains" that the check box refer to are basic
everything (*).
The connector's setting overrides the SMTP Virtual Server settings....So
if you don't want to relay, make sure the box is not checked and that
the SMTP Virtual Server is also not allowing relaying.
-----Original Message-----
From: Deus, Attonbitus [mailto:ThorHammerofGod.com]
Sent: Thursday, April 17, 2003 3:22 PM
To: Jon R. Kibler; focus-mssecurityfocus.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 11:18 AM 4/17/2003, Jon R. Kibler wrote:
>Over the past few months, we have seen a significant and steady
>increase in the number of open relay MTAs that are running
>Microsoft Exchange. In every case where we have been able to talk
>to someone at the organization running the open relay, the
>universal comment is "Our network consultant just upgraded our mail
>system."
>
>Since we are not an Exchange user, Microsoft will not discuss the
>issue with us. However, we have been able to talk to a few "network
>consultants" and the problem appears to occur when an existing (and
>secure) version of Exchange is upgraded in-place on the same host.
>We have been told that the problem is occurring on upgrades of
>Exchange 5.x to Exchange 2000, and Exchange 2000 to Exchange 2000
>Service Pack 3.
>
>Apparently, either of these two upgrades will cause a previously
>secure version of Exchange to become an open relay that must be
>manually closed.
>
>One person also told us that they were told that the "Exchange 2000
>Post-Service Pack 3 (SP3) Rollup Patch 6396.1" was supposed to fix
>the problem, but they had not tried to find and apply the patch
>,and did not know anyone who had used it.
>
>Does anyone have any specific details on this problem?
I had the exact same thing happen some time ago when I applied SP3 to
one
of my remote office Exchange Servers. I could not figure it out for
the
life of me, and could not get any help from MS on it. What was most
strange is that the IP restrictions were in the config, but anyone
could
still relay mail through. I just figured I was temporarily insane,
which
these days is pretty common. I had to put the Exchange Server one
hop in,
and use a mail gateway to restrict my traffic. Since that was really
the
best way to do it anyway, I pretty much forgot about the issue until
I read
your post. I'll check out the rollup patch (which is not on that
machine
now) and see what happens.
T
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPp7+4YhsmyD15h5gEQL1YACg1LXflZ7+sGVok1n5kpqqzkpLe2AAnip/
SctU03KvRfsmPfY3vEG4iMJe
=JS3w
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
-----
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by
professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no
vendor
sales pitches. Deadline for the best rates is April 25. Register today
to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------
------
-----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]