open relay
From: Barry (anonymous_at_discussions.microsoft.com)
Date: 03/15/04
Date: Sun, 14 Mar 2004 16:52:21 -0800
By default it isn't, but there is a little "Check Box"
with a tick in there which shouldn't be there as someone
has now found a hole to exploit this.
On the "Default SMTP Virtual Server" properties there are
4 tabs across the top of this dialogue box. The 2nd
is "Access" from memory. At the bottom of this tab is a
Button called "RELAY". Once you click on that button,
right at the very bottom is a little check box that
says "Allow any computer that successfully authenticates
to relay through this server".
I have monitored the external Network card on more than 3
sites now where this has been occurring, and you can
clearly see someone authenticate with your SMTP server,
and then start sending SMTP traffic (using a script
obviously, but using something like TELNET). This then
fills your queues. The situation is that they are not
using a user account from your system. It appears that
there is a hidden or generic account that isn't even
legible, in other words it isn't a word from the
dictionary.
There is a KB article to help you clear the queues.
This has stopped the situation from occurring again on my
sites.
Regards
Barry
>-----Original Message-----
>I found out that my server is open relay server. How do I
>close it? I would
>like to secure/close my Open relay (SMTP) Exchange 2000
>server. Please help
>me.
>
>Thanks,
>
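The pattern described in the reply above, a client that authenticates and then relays to outside recipients, can be looked for in SMTP logs. The following is an added example, not part of the original post: the log layout, the local domain `example.com`, the addresses and the threshold are all constructed for illustration, so map your own server's log fields onto it.

```python
from collections import defaultdict

LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server accepts mail for

# Constructed sample lines: time, client IP, SMTP verb, argument, reply code.
# This layout is invented for the example; it is not a real server's log format.
SAMPLE_LOG = """\
00:01:02 203.0.113.9 EHLO mail.invalid 250
00:01:03 203.0.113.9 AUTH LOGIN 235
00:01:04 203.0.113.9 MAIL FROM:<a@spam.invalid> 250
00:01:05 203.0.113.9 RCPT TO:<v1@other.invalid> 250
00:01:05 203.0.113.9 RCPT TO:<v2@other.invalid> 250
00:01:06 203.0.113.9 RCPT TO:<v3@third.invalid> 250
00:02:10 198.51.100.7 EHLO mx.partner.invalid 250
00:02:11 198.51.100.7 MAIL FROM:<bob@partner.invalid> 250
00:02:12 198.51.100.7 RCPT TO:<alice@example.com> 250
00:03:00 192.0.2.44 AUTH LOGIN 235
00:03:01 192.0.2.44 MAIL FROM:<alice@example.com> 250
00:03:02 192.0.2.44 RCPT TO:<bob@partner.invalid> 250
00:04:00 198.51.100.23 AUTH LOGIN 535
00:04:01 198.51.100.23 RCPT TO:<x@other.invalid> 550
"""


def relayed_after_auth(log_text, local_domains=LOCAL_DOMAINS, threshold=3):
    """Return {client_ip: count} for clients that authenticated (reply 235)
    and then had at least `threshold` non-local recipients accepted."""
    authed = set()
    external = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        _time, ip, verb, arg, code = parts
        verb = verb.upper()
        if verb == "AUTH" and code == "235":
            authed.add(ip)          # successful authentication
        elif verb == "QUIT":
            authed.discard(ip)      # session over; next one must re-authenticate
        elif verb == "RCPT" and code.startswith("2") and ip in authed:
            # "TO:<user@domain>" -> "domain"
            domain = arg.rstrip(">").rpartition("@")[2].lower()
            if domain not in local_domains:
                external[ip] += 1   # accepted recipient outside our domains
    return {ip: n for ip, n in external.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in relayed_after_auth(SAMPLE_LOG).items():
        print(f"{ip}: {n} external recipients relayed after AUTH")
```

A single authenticated user mailing one outside address stays below the threshold; tune it to the normal sending volume of your own users.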