Re: restrict from address

From: cuno (cunoal_at_yahoo.com)
Date: 11/22/04

• Next message: Stephen M: "Pugging the "open additional mailboxes" security hole"
• Previous message: Mark Arnold [MVP]: "Re: restrict from address"
• In reply to: Mark Arnold [MVP]: "Re: restrict from address"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 22 Nov 2004 15:45:59 +0200

i am just asking. i read an article about this. it describes that stuation
but doesn't offer exact solution. Here is

"At the beginning of this section, I said that-out of the box-Exchange 2003
and Exchange 2000 aren't publicly open relays. Depending on your level of
security paranoia, you still might consider them open relays. They're open
in the respect that anyone who can authenticate against the server can drop
off a message for delivery. The fact that anyone with a domain account can
authenticate and relay might be a problem in a higher-security environment
because authenticating does nothing to ensure that the From address
specified in the message matches the address assigned to the account used in
the authentication (if an address is assigned at all). Consider a domain
account named SteveN. The SteveN domain account might have an address of
steve.neubauer@neulan.net. The SteveN account can be used to successfully
authenticate against the SMTP virtual server to relay a message to
chris.neubauer@chris.com, but there's nothing requiring SteveN to use the
steve.neubauer@neulan.net address. He could easily use
george.bush@whitehouse.gov if he wanted to. The ability to specify any
address in the From field is inherent to the design of SMTP, but malicious
users can easily abuse it. Because relaying directly links the message back
to an organization's mail servers, some security managers consider it risky
to let everyone have relay access."

http://www.winnetmag.com/Articles/Print.cfm?ArticleID=44183

---

• Next message: Stephen M: "Pugging the "open additional mailboxes" security hole"
• Previous message: Mark Arnold [MVP]: "Re: restrict from address"
• In reply to: Mark Arnold [MVP]: "Re: restrict from address"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Massive queues ... could just as easily use the verified account. ... Exchange server, at the firewall usually takes care of any spamming ... in" and use your machine as a relay server. ... Allow all computers which successfully authenticate to relay, ... (microsoft.public.exchange.admin) Re: Massive queues ... but never saw which account it was that was causing the problem. ... Exchange server, at the firewall usually takes care of any spamming ... in" and use your machine as a relay server. ... Allow all computers which successfully authenticate to relay, ... (microsoft.public.exchange.admin) Re:Shared Fax Service Not Emailing Users ... the account being used to authenticate the relay to the Exchange Server. ... (microsoft.public.win2000.fax) Re: Unable to Relay ... You have to set the SMTP Virtual Server to allow users who authenticate to ... relay. ... When I try to setup a account in Outlook Express to use their Exchange ... (microsoft.public.exchange.admin) Re: can I connect to an external server using a local account? ... service needs to be able to connect to a database on another server. ... really don't want to change the account to be a domain account. ... If you need to authenticate off-box, you should be using a domain ... (microsoft.public.windows.server.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Exchange  > microsoft.public.exchange.admin  > 2004-11