RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?

From: David Vincent (david.vincentmightyoaks.com)
Date: Mon Apr 21 2003 - 10:50:23 CDT


on the subject of open relays, i started using
http://www.abuse.net/relay.html to test my servers after a large increase in
people trying to relay through us and failing. anyone have an idea how
comprehensive their tests are? there's 17 of 'em.

-d

> -----Original Message-----
> From: jmcguiresbcs.com [mailto:jmcguiresbcs.com]
> Sent: April 18, 2003 11:49 AM
> To: RPAmarantedirectvla.com; ThorHammerofGod.com; Jon.Kibleraset.com;
> focus-mssecurityfocus.com
> Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?
>
>
> I have worked around Exchange SMTP relay by allowing relay for
> authenticated users only. Since no one can authenticate it fails. Have
> had problems with Exchange 5.5 and 2000 through different service packs
> that when relaying appears to be turned off, it still functions.
>
>
>
> __________________________________________
>
> JOHN MCGUIRE CISSP, MCSE2k, MCSE+I
>
> Network Security Specialist
>
> 888.529.0401
>
> jmcguiresbcs.com
>
> Strictly Business
>
> www.sbcs.com
>
>
>
> -----Original Message-----
> From: Amarante, Rodrigo P. [mailto:RPAmarantedirectvla.com]
> Sent: Thursday, April 17, 2003 5:43 PM
> To: Deus, Attonbitus; Jon R. Kibler; focus-mssecurityfocus.com
> Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?
>
>
> Some people don't realize that there is also a connector configuration
> that could allow relaying. In the properties for the SMTP Connector for
> the routing group, in the address space tab, there's a check box that
> states: "Allow messages to be relayed to these domains".
> Since this is an SMTP connector to the "world" (AKA Internet Mail
> Service), the "these domains" that the check box refers to are basically
> everything (*). The connector's setting overrides the SMTP Virtual
> Server settings... So if you don't want to relay, make sure the box is
> not checked and that the SMTP Virtual Server is also not allowing
> relaying.
>
> -----Original Message-----
> From: Deus, Attonbitus [mailto:ThorHammerofGod.com]
> Sent: Thursday, April 17, 2003 3:22 PM
> To: Jon R. Kibler; focus-mssecurityfocus.com
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At 11:18 AM 4/17/2003, Jon R. Kibler wrote:
> >Over the past few months, we have seen a significant and steady
> >increase in the number of open relay MTAs that are running Microsoft
> >Exchange. In every case where we have been able to talk to someone at
> >the organization running the open relay, the universal comment is "Our
> >network consultant just upgraded our mail system."
> >
> >Since we are not an Exchange user, Microsoft will not discuss the issue
> >with us. However, we have been able to talk to a few "network
> >consultants" and the problem appears to occur when an existing (and
> >secure) version of Exchange is upgraded in-place on the same host. We
> >have been told that the problem is occurring on upgrades of Exchange
> >5.x to Exchange 2000, and Exchange 2000 to Exchange 2000 Service Pack
> >3.
> >
> >Apparently, either of these two upgrades will cause a previously secure
> >version of Exchange to become an open relay that must be manually
> >closed.
> >
> >One person also told us that they were told that the "Exchange 2000
> >Post-Service Pack 3 (SP3) Rollup Patch 6396.1" was supposed to fix
> >the problem, but they had not tried to find and apply the patch,
> >and did not know anyone who had used it.
> >
> >Does anyone have any specific details on this problem?
>
> I had the exact same thing happen some time ago when I applied SP3 to one
> of my remote office Exchange Servers. I could not figure it out for the
> life of me, and could not get any help from MS on it. What was most
> strange is that the IP restrictions were in the config, but anyone could
> still relay mail through. I just figured I was temporarily insane, which
> these days is pretty common. I had to put the Exchange Server one hop in,
> and use a mail gateway to restrict my traffic. Since that was really the
> best way to do it anyway, I pretty much forgot about the issue until I read
> your post. I'll check out the rollup patch (which is not on that machine
> now) and see what happens.
>
> T
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
>
> iQA/AwUBPp7+4YhsmyD15h5gEQL1YACg1LXflZ7+sGVok1n5kpqqzkpLe2AAnip/
> SctU03KvRfsmPfY3vEG4iMJe
> =JS3w
> -----END PGP SIGNATURE-----
>
>
> -----------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
> world's premier event for IT and network security experts. The two-day
> Training features 6 hand-on courses on May 12-13 taught by professionals.
> The two-day Briefings on May 14-15 features 24 top speakers with no vendor
> sales pitches. Deadline for the best rates is April 25. Register today to
> ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> ------------------------------------------------------------------------------
>
>
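Added example, not part of the original thread: since the messages above report relaying that still works when the configuration says it is off, a post-upgrade self-test that reads the server's actual SMTP replies is the useful check. The probe list, the `example.net` / `mail.example.org` names and the `FakeSession` stand-in are constructed for illustration and are not the abuse.net test set; only the envelope is exercised, so no mail is sent.

```python
import smtplib

def relay_probes(local_domain, ext_domain="example.net"):
    """(MAIL FROM, RCPT TO) envelope pairs for a relay self-test (constructed list)."""
    ext = f"relaytest@{ext_domain}"
    return [
        (ext, ext),                                       # outsider to outsider
        ("", ext),                                        # null sender <>
        (f"postmaster@{local_domain}", ext),              # sender claims local domain
        (ext, f"relaytest%{ext_domain}@{local_domain}"),  # percent-style routing
    ]

def check_relay(smtp, probes):
    """Run probes on a connected smtplib.SMTP-like session.

    Stops after RCPT TO; DATA is never issued, so nothing is delivered.
    Returns (sender, rcpt, reply_code, accepted) tuples.
    """
    results = []
    smtp.ehlo()
    for sender, rcpt in probes:
        smtp.rset()                      # clear any previous envelope
        code, _ = smtp.mail(sender)
        if code == 250:
            code, _ = smtp.rcpt(rcpt)    # 250/251 here means the server would relay
        results.append((sender, rcpt, code, code in (250, 251)))
    smtp.rset()
    return results

def is_open_relay(results):
    return any(accepted for *_, accepted in results)

def check_host(host, local_domain, port=25):
    """Run the self-test against a server you administer."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        return check_relay(smtp, relay_probes(local_domain))

class FakeSession:
    """Constructed stand-in for smtplib.SMTP: relays only for the listed RCPT strings."""
    def __init__(self, relays_for=()):
        self.relays_for = set(relays_for)
    def ehlo(self): return (250, b"ok")
    def rset(self): return (250, b"ok")
    def mail(self, sender): return (250, b"ok")
    def rcpt(self, rcpt):
        ok = rcpt in self.relays_for
        return (250, b"ok") if ok else (550, b"5.7.1 Unable to relay")
```

Run `check_host` from a network location outside the mail server's trusted ranges, otherwise an IP-based relay allowance will mask the result.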
