SecurityFocus

Exchange SMTP Hole? Nov 11 2003 01:59PM
Tom Burns (tburns torcausa com) (8 replies)

New Microsoft Exchange Server Vulnerability Nov 15 2003 03:32AM
Paul Kurczaba (paul myipis com) (2 replies)

Re: New Microsoft Exchange Server Vulnerability Nov 15 2003 09:24PM
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)

Re: New Microsoft Exchange Server Vulnerability Nov 15 2003 06:15PM
Thor (thor hammerofgod com)

RE: Exchange SMTP Hole? Nov 12 2003 08:50AM
Marcin Firlag (marcin hhc pl)

Re: Exchange SMTP Hole? Nov 12 2003 12:33AM
Ken Schaefer (ken adOpenStatic com)

RE: Exchange SMTP Hole? Nov 11 2003 10:22PM
Paul Kurczaba (paul myipis com)

Re: Exchange SMTP Hole? Nov 11 2003 08:35PM
Michele (mmagni tiscalinet it)

Re: Exchange SMTP Hole? Nov 11 2003 04:28PM
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)

Spammers are authenticating on port 25
Turn on auditing.
Ensure that the guest account is disabled and complex passwords are
being used by all accounts.
http://www.sbsfaq.com/news/getArticle.asp?MessageID=000000001A447390AA66
11CD9BC800AA002FC45A0900E049B559A334DD479C5D360FB473600B0000000187180000
F401C41B681A9640A459B27C5FF7E6840000B1E572030000&path=News

Tom Burns wrote:

>Good morning all,
>
>I have an exchange server that's been running for quite some time (over
>a year) and had it locked down to prevent relay (spam). It is patched
>all the way up to 3a.
>
>I checked my queues yesterday and got slammed by spam relaying.
>
>Is there a security hole that MS does not know about yet in SMTP?????
>
>The only way I resolved this was to block connection from 219.x.x.x,
>218.x.x.x, 211.x.x.x, etc.
>
>This server has been testing aginst ORDB.ORG and shown to NOT be an open
>relay.
>
>If anyone has any suggestions, please let me know.
>
>
>Thomas A. Burns
>System Administrator
>Torca Products Inc.
>Auburn Hills, MI 48326
>248-373-8300 x186
>
>-----------------------------------------------------------------------
----
>Network with over 10,000 of the brightest minds in information security
>at the largest, most highly-anticipated industry event of the year.
>Don't miss RSA Conference 2004! Choose from over 200 class sessions and
>see demos from more than 250 industry vendors. If your job touches
>security, you need to be here. Learn more or register at
>http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
>and use priority code SF4.
>-----------------------------------------------------------------------
----
>
>
>

--
"Don't lose sight of security. Security is a state of being,
not a state of budget. He with the most firewalls still does
not win. Put down that honeypot and keep up to date on your
patches. Demand better security from vendors and hold them
responsible. Use what you have, and make sure you know how
to use it properly and effectively."
~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt

------------------------------------------------------------------------
---
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
------------------------------------------------------------------------
---

[ reply ]

Re: Exchange SMTP Hole? Nov 11 2003 04:13PM
Gerald Eisenhaur (GEisenhaur Eisenhaur com)

Re: Exchange SMTP Hole? Nov 11 2003 03:55PM
Ted Quade (bait teddelee net)