I'm using openrelay tool from http://kickme.to/dpsecurity,
it has about 30 checks and includes some general vulnerability scanning as
well..
They have binaries for Win32 and unix...
----- Original Message -----
From: "David Vincent" <david.vincent (at) mightyoaks (dot) com [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Monday, April 21, 2003 5:50 PM
Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?
> on the subject of open relays, i started using
> http://www.abuse.net/relay.html to test my servers after a large increase
in
> people trying to relay through us and failing. anyone have an idea how
> comprehensive their tests are? there's 17 of 'em.
>
> -d
>
>
> > -----Original Message-----
> > From: jmcguire (at) sbcs (dot) com [email concealed] [mailto:jmcguire (at) sbcs (dot) com [email concealed]]
> > Sent: April 18, 2003 11:49 AM
> > To: RPAmarante (at) directvla (dot) com [email concealed]; Thor (at) HammerofGod (dot) com [email concealed];
> > Jon.Kibler (at) aset (dot) com [email concealed];
> > focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open
> > Relays?
> >
> >
> > I have worked around Exchange SMTP relay by allowing relay for
> > authenticated users only. Since no one can authenticate it fails. Have
> > had problems with Exchange 5.5 and 2000 through different
> > service packs
> > that when relaying appears to be turned off, it still functions.
> >
> >
> >
> > __________________________________________
> >
> > JOHN MCGUIRE CISSP, MCSE2k, MCSE+I
> >
> > Network Security Specialist
> >
> > 888.529.0401
> >
> > jmcguire (at) sbcs (dot) com [email concealed]
> >
> > Strictly Business
> >
> > www.sbcs.com
> >
> >
> >
> > -----Original Message-----
> > From: Amarante, Rodrigo P. [mailto:RPAmarante (at) directvla (dot) com [email concealed]]
> > Sent: Thursday, April 17, 2003 5:43 PM
> > To: Deus, Attonbitus; Jon R. Kibler; focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open
> > Relays?
> >
> >
> > Some people don't realize that there are also a connector
> > configuration
> > that could allow relaying. In the properties for the SMTP
> > Connector for
> > the routing group, in the address space tab there's a check box that
> > states: "Allow messages to be relayed to these domains"
> > Since this is a SMTP connector to the "world" (AKA Internet Mail
> > Service), the "these domains" that the check box refer to are basic
> > everything (*). The connector's setting overrides the SMTP Virtual
> > Server settings....So if you don't want to relay, make sure the box is
> > not checked and that the SMTP Virtual Server is also not allowing
> > relaying.
> >
> > -----Original Message-----
> > From: Deus, Attonbitus [mailto:Thor (at) HammerofGod (dot) com [email concealed]]
> > Sent: Thursday, April 17, 2003 3:22 PM
> > To: Jon R. Kibler; focus-ms (at) securityfocus (dot) com [email concealed]
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > At 11:18 AM 4/17/2003, Jon R. Kibler wrote:
> > >Over the past few months, we have seen a significant and steady
> > >increase in the number of open relay MTAs that are running
> > Microsoft
> > >Exchange. In every case where we have been able to talk to
> > someone at
> > >the organization running the open relay, the universal
> > comment is "Our
> >
> > >network consultant just upgraded our mail system."
> > >
> > >Since we are not an Exchange user, Microsoft will not
> > discuss the issue
> >
> > >with us. However, we have been able to talk to a few "network
> > >consultants" and the problem appears to occur when an existing (and
> > >secure) version of Exchange is upgraded in-place on the
> > same host. We
> > >have been told that the problem is occurring on upgrades of
> > Exchange
> > >5.x to Exchange 2000, and Exchange 2000 to Exchange 2000
> > Service Pack
> > >3.
> > >
> > >Apparently, either of these two upgrades will cause a
> > previously secure
> >
> > >version of Exchange to become an open relay that must be manually
> > >closed.
> > >
> > >One person also told us that they were told that the "Exchange 2000
> > >Post-Service Pack 3 (SP3) Rollup Patch 6396.1" was supposed to fix
> > >the problem, but they had not tried to find and apply the patch
> > >,and did not know anyone who had used it.
> > >
> > >Does anyone have any specific details on this problem?
> >
> > I had the exact same thing happen some time ago when I applied SP3 to
> > one
> > of my remote office Exchange Servers. I could not figure it
> > out for the
> >
> > life of me, and could not get any help from MS on it. What was most
> > strange is that the IP restrictions were in the config, but
> > anyone could
> >
> > still relay mail through. I just figured I was temporarily insane,
> > which
> > these days is pretty common. I had to put the Exchange Server one hop
> > in,
> > and use a mail gateway to restrict my traffic. Since that was really
> > the
> > best way to do it anyway, I pretty much forgot about the issue until I
> > read
> > your post. I'll check out the rollup patch (which is not on that
> > machine
> > now) and see what happens.
> >
> > T
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0
> >
> > iQA/AwUBPp7+4YhsmyD15h5gEQL1YACg1LXflZ7+sGVok1n5kpqqzkpLe2AAnip/
> > SctU03KvRfsmPfY3vEG4iMJe
> > =JS3w
> > -----END PGP SIGNATURE-----
> >
> >
> > --------------------------------------------------------------
> > ----------
> > -----
> > Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
> > the
> > world's premier event for IT and network security experts.
> > The two-day
> > Training features 6 hand-on courses on May 12-13 taught by
> > professionals.
> > The two-day Briefings on May 14-15 features 24 top speakers with no
> > vendor
> > sales pitches. Deadline for the best rates is April 25.
> > Register today
> > to
> > ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> > --------------------------------------------------------------
> > ----------
> > ------
> >
> >
> >
> >
> > --------------------------------------------------------------
> > ----------
> > -----
> > Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
> > the
> > world's premier event for IT and network security experts.
> > The two-day
> > Training features 6 hand-on courses on May 12-13 taught by
> > professionals.
> > The two-day Briefings on May 14-15 features 24 top speakers with no
> > vendor
> > sales pitches. Deadline for the best rates is April 25.
> > Register today
> > to
> > ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> > --------------------------------------------------------------
> > ----------
> > ------
> >
> >
> > --------------------------------------------------------------
> > ---------------
> > Attend Black Hat Briefings & Training Europe, May 12-15 in
> > Amsterdam, the
> > world's premier event for IT and network security experts.
> > The two-day
> > Training features 6 hand-on courses on May 12-13 taught by
> > professionals.
> > The two-day Briefings on May 14-15 features 24 top speakers
> > with no vendor
> > sales pitches. Deadline for the best rates is April 25.
> > Register today to
> > ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> > --------------------------------------------------------------
> > ----------------
> >
>
> ------------------------------------------------------------------------
--
---
> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
> world's premier event for IT and network security experts. The two-day
> Training features 6 hand-on courses on May 12-13 taught by professionals.
> The two-day Briefings on May 14-15 features 24 top speakers with no vendor
> sales pitches. Deadline for the best rates is April 25. Register today
to
> ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> ------------------------------------------------------------------------
--
----
>
>
>
------------------------------------------------------------------------
-----
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------
------
it has about 30 checks and includes some general vulnerability scanning as
well..
They have binaries for Win32 and unix...
----- Original Message -----
From: "David Vincent" <david.vincent (at) mightyoaks (dot) com [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Monday, April 21, 2003 5:50 PM
Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open Relays?
> on the subject of open relays, i started using
> http://www.abuse.net/relay.html to test my servers after a large increase
in
> people trying to relay through us and failing. anyone have an idea how
> comprehensive their tests are? there's 17 of 'em.
>
> -d
>
>
> > -----Original Message-----
> > From: jmcguire (at) sbcs (dot) com [email concealed] [mailto:jmcguire (at) sbcs (dot) com [email concealed]]
> > Sent: April 18, 2003 11:49 AM
> > To: RPAmarante (at) directvla (dot) com [email concealed]; Thor (at) HammerofGod (dot) com [email concealed];
> > Jon.Kibler (at) aset (dot) com [email concealed];
> > focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open
> > Relays?
> >
> >
> > I have worked around Exchange SMTP relay by allowing relay for
> > authenticated users only. Since no one can authenticate it fails. Have
> > had problems with Exchange 5.5 and 2000 through different
> > service packs
> > that when relaying appears to be turned off, it still functions.
> >
> >
> >
> > __________________________________________
> >
> > JOHN MCGUIRE CISSP, MCSE2k, MCSE+I
> >
> > Network Security Specialist
> >
> > 888.529.0401
> >
> > jmcguire (at) sbcs (dot) com [email concealed]
> >
> > Strictly Business
> >
> > www.sbcs.com
> >
> >
> >
> > -----Original Message-----
> > From: Amarante, Rodrigo P. [mailto:RPAmarante (at) directvla (dot) com [email concealed]]
> > Sent: Thursday, April 17, 2003 5:43 PM
> > To: Deus, Attonbitus; Jon R. Kibler; focus-ms (at) securityfocus (dot) com [email concealed]
> > Subject: RE: Does In-Place Upgrade of Microsoft Exchange Create Open
> > Relays?
> >
> >
> > Some people don't realize that there are also a connector
> > configuration
> > that could allow relaying. In the properties for the SMTP
> > Connector for
> > the routing group, in the address space tab there's a check box that
> > states: "Allow messages to be relayed to these domains"
> > Since this is a SMTP connector to the "world" (AKA Internet Mail
> > Service), the "these domains" that the check box refer to are basic
> > everything (*). The connector's setting overrides the SMTP Virtual
> > Server settings....So if you don't want to relay, make sure the box is
> > not checked and that the SMTP Virtual Server is also not allowing
> > relaying.
> >
> > -----Original Message-----
> > From: Deus, Attonbitus [mailto:Thor (at) HammerofGod (dot) com [email concealed]]
> > Sent: Thursday, April 17, 2003 3:22 PM
> > To: Jon R. Kibler; focus-ms (at) securityfocus (dot) com [email concealed]
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > At 11:18 AM 4/17/2003, Jon R. Kibler wrote:
> > >Over the past few months, we have seen a significant and steady
> > >increase in the number of open relay MTAs that are running
> > Microsoft
> > >Exchange. In every case where we have been able to talk to
> > someone at
> > >the organization running the open relay, the universal
> > comment is "Our
> >
> > >network consultant just upgraded our mail system."
> > >
> > >Since we are not an Exchange user, Microsoft will not
> > discuss the issue
> >
> > >with us. However, we have been able to talk to a few "network
> > >consultants" and the problem appears to occur when an existing (and
> > >secure) version of Exchange is upgraded in-place on the
> > same host. We
> > >have been told that the problem is occurring on upgrades of
> > Exchange
> > >5.x to Exchange 2000, and Exchange 2000 to Exchange 2000
> > Service Pack
> > >3.
> > >
> > >Apparently, either of these two upgrades will cause a
> > previously secure
> >
> > >version of Exchange to become an open relay that must be manually
> > >closed.
> > >
> > >One person also told us that they were told that the "Exchange 2000
> > >Post-Service Pack 3 (SP3) Rollup Patch 6396.1" was supposed to fix
> > >the problem, but they had not tried to find and apply the patch
> > >,and did not know anyone who had used it.
> > >
> > >Does anyone have any specific details on this problem?
> >
> > I had the exact same thing happen some time ago when I applied SP3 to
> > one
> > of my remote office Exchange Servers. I could not figure it
> > out for the
> >
> > life of me, and could not get any help from MS on it. What was most
> > strange is that the IP restrictions were in the config, but
> > anyone could
> >
> > still relay mail through. I just figured I was temporarily insane,
> > which
> > these days is pretty common. I had to put the Exchange Server one hop
> > in,
> > and use a mail gateway to restrict my traffic. Since that was really
> > the
> > best way to do it anyway, I pretty much forgot about the issue until I
> > read
> > your post. I'll check out the rollup patch (which is not on that
> > machine
> > now) and see what happens.
> >
> > T
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0
> >
> > iQA/AwUBPp7+4YhsmyD15h5gEQL1YACg1LXflZ7+sGVok1n5kpqqzkpLe2AAnip/
> > SctU03KvRfsmPfY3vEG4iMJe
> > =JS3w
> > -----END PGP SIGNATURE-----
> >
> >
> > --------------------------------------------------------------
> > ----------
> > -----
> > Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
> > the
> > world's premier event for IT and network security experts.
> > The two-day
> > Training features 6 hand-on courses on May 12-13 taught by
> > professionals.
> > The two-day Briefings on May 14-15 features 24 top speakers with no
> > vendor
> > sales pitches. Deadline for the best rates is April 25.
> > Register today
> > to
> > ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> > --------------------------------------------------------------
> > ----------
> > ------
> >
> >
> >
> >
> > --------------------------------------------------------------
> > ----------
> > -----
> > Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
> > the
> > world's premier event for IT and network security experts.
> > The two-day
> > Training features 6 hand-on courses on May 12-13 taught by
> > professionals.
> > The two-day Briefings on May 14-15 features 24 top speakers with no
> > vendor
> > sales pitches. Deadline for the best rates is April 25.
> > Register today
> > to
> > ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> > --------------------------------------------------------------
> > ----------
> > ------
> >
> >
> > --------------------------------------------------------------
> > ---------------
> > Attend Black Hat Briefings & Training Europe, May 12-15 in
> > Amsterdam, the
> > world's premier event for IT and network security experts.
> > The two-day
> > Training features 6 hand-on courses on May 12-13 taught by
> > professionals.
> > The two-day Briefings on May 14-15 features 24 top speakers
> > with no vendor
> > sales pitches. Deadline for the best rates is April 25.
> > Register today to
> > ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> > --------------------------------------------------------------
> > ----------------
> >
>
> ------------------------------------------------------------------------
--
---
> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
> world's premier event for IT and network security experts. The two-day
> Training features 6 hand-on courses on May 12-13 taught by professionals.
> The two-day Briefings on May 14-15 features 24 top speakers with no vendor
> sales pitches. Deadline for the best rates is April 25. Register today
to
> ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
> ------------------------------------------------------------------------
--
----
>
>
>
------------------------------------------------------------------------
-----
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-focus-ms
------------------------------------------------------------------------
------
[ reply ]