Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-ms > 03 > 040643.html (Request Expert securityfocus.com Support)

RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?

From: <jmcguire(at)sbcs.com>
Date: Fri Apr 18 2003 - 14:49:18 EDT


I have worked around Exchange SMTP relay by allowing relay for authenticated users only. Since no one can authenticate it fails. Have had problems with Exchange 5.5 and 2000 through different service packs that when relaying appears to be turned off, it still functions.  

JOHN MCGUIRE CISSP, MCSE2k, MCSE+I

Network Security Specialist

888.529.0401

jmcguire@sbcs.com

Strictly Business

www.sbcs.com

-----Original Message-----
From: Amarante, Rodrigo P. [mailto:RPAmarante@directvla.com] Sent: Thursday, April 17, 2003 5:43 PM
To: Deus, Attonbitus; Jon R. Kibler; focus-ms@securityfocus.com Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?

Do you need help?X

Some people don't realize that there are also a connector configuration that could allow relaying. In the properties for the SMTP Connector for the routing group, in the address space tab there's a check box that states: "Allow messages to be relayed to these domains" Since this is a SMTP connector to the "world" (AKA Internet Mail Service), the "these domains" that the check box refer to are basic everything (*). The connector's setting overrides the SMTP Virtual Server settings....So if you don't want to relay, make sure the box is not checked and that the SMTP Virtual Server is also not allowing relaying.

-----Original Message-----
From: Deus, Attonbitus [mailto:Thor@HammerofGod.com] Sent: Thursday, April 17, 2003 3:22 PM
To: Jon R. Kibler; focus-ms@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11:18 AM 4/17/2003, Jon R. Kibler wrote:
>Over the past few months, we have seen a significant and steady

>network consultant just upgraded our mail system."

>with us. However, we have been able to talk to a few "network

>version of Exchange to become an open relay that must be manually
>closed.
>
>One person also told us that they were told that the "Exchange 2000
>Post-Service Pack 3 (SP3) Rollup Patch 6396.1" was supposed to fix
>the problem, but they had not tried to find and apply the patch
>,and did not know anyone who had used it.
>
>Does anyone have any specific details on this problem?

I had the exact same thing happen some time ago when I applied SP3 to one
of my remote office Exchange Servers. I could not figure it out for the

Do you need more help?X

life of me, and could not get any help from MS on it. What was most strange is that the IP restrictions were in the config, but anyone could

still relay mail through. I just figured I was temporarily insane, which
these days is pretty common. I had to put the Exchange Server one hop in,
and use a mail gateway to restrict my traffic. Since that was really the
best way to do it anyway, I pretty much forgot about the issue until I read
your post. I'll check out the rollup patch (which is not on that machine
now) and see what happens.

T

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPp7+4YhsmyD15h5gEQL1YACg1LXflZ7+sGVok1n5kpqqzkpLe2AAnip/ SctU03KvRfsmPfY3vEG4iMJe
=JS3w
-----END PGP SIGNATURE-----


Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
Received on Mon Apr 21 10:13:28 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:29 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library