Re: Relaying Breach via IIS
From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 06/27/04
- Next message: IT PHYTOSAN: "Re: Reinstalling SBS2003"
- Previous message: Chad A. Gross [SBS MVP]: "Re: Reinstalling SBS2003"
- In reply to: Reggie Dones: "Re: Relaying Breach via IIS"
- Next in thread: Reggie Dones: "Re: Relaying Breach via IIS"
- Reply: Reggie Dones: "Re: Relaying Breach via IIS"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 26 Jun 2004 19:55:14 -0500
Hi Reggie -
OWA only requires port 80 (http) or 443 (https) depending on how you have it
configured. 25 is only necessary for recieving email (assuming you're
hosting your mail internally). Since Exchange requires IIS, I'm assuming
that the offending connections get dropped when you stop IIS because several
Exchange services depend on IIS.
As for securing your server, I would recommend the following steps (with the
server disconnected from the internet):
1) Have all users change their passwords, and require strong passwords
(combination of upper & lower case letters, numbers & special characters.)
The longer the better - and absolutely, positively NO DICTIONARY WORDS. If
the Administrator password is weak, change that too (be prepared to have
various services / scheduled tasks fail if they're using the Administrator
account and haven't been updated to use the new password).
2) Open Exchange System Manager | Servers | <servername> | Protocols |
SMTP. Right-click on Default SMTP Virtual Server and select Properties. On
the Access tab, click Relay. Make sure that:
A) 'Only the list below' is selected
B) Your server IPs are the only ones in the list
C) 'Allow all computers which successfully authenticate...' is
UNCHECKED
click OK; Click OK.
3) If you haven't done so already, configure OWA to use SSL so you can
close port 80. (I'm assuming you have two nics in the server and are using
ISA?)
Smallbizserver.Net > SBS 2000 > Exchange Server 2000 > How do I configure
OWA with SSL:
http://www.smallbizserver.net/Default.aspx?tabid=83
4) Connect your server to the internet
-- Chad A. Gross - SBS MVP SBS ROCKS! www.msmvps.com/cgross www.gosbs.org Reggie Dones wrote: > Thanks SuperGumby, but can you elaborate? How do we then secure the > web or smtp service to make OWA available to our remote users? > > Also I'm perplexed at how these servers connect via port 25 and get > cut off when we stop IIS or grant only LAN IP addresses. Any ideas? > > Thanks again, > Reggie > > > "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message > news:OqHrxg9WEHA.2908@TK2MSFTNGP10.phx.gbl... >> remote users do not need access to SMTP to use OWA. >> >> "Reggie Dones" <rfdones@argotech.net_nospam> wrote in message >> news:%23fQrOe9WEHA.4064@TK2MSFTNGP11.phx.gbl... >>> Hello all, >>> >>> We are running and SBS 2000 with a DMZ and noticed some ridiculous >>> slow down. Figured out that the web service and smtp was being >>> compromised. Although when we use netstat -an, port 25 is being >>> used to connect to us. We restricted the web site security to only >>> grant access to LAN IP's and that shut off the connections to >>> several offending ip addresses, >>> 69.42.100.8; 69.42.102.8 ; 80.68.244.119. However, we use the web >>> service to access exchange for our remote users and will need to >>> make it available to them. >>> >>> Can someone shed some light on this. Are there security settings >>> that we can use to allow our users to access OWA without >>> compromising our security and bandwidth? >>> >>> Thanks in advance. >>> Reggie Dones
- Next message: IT PHYTOSAN: "Re: Reinstalling SBS2003"
- Previous message: Chad A. Gross [SBS MVP]: "Re: Reinstalling SBS2003"
- In reply to: Reggie Dones: "Re: Relaying Breach via IIS"
- Next in thread: Reggie Dones: "Re: Relaying Breach via IIS"
- Reply: Reggie Dones: "Re: Relaying Breach via IIS"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
