I had good experience with MXTreme and Trend to protect Exchange from
outside.
Either way you will get better logging and control if you do decide to
insert a non MS product for SMTP security.
You will also get some spam control from these units.
Regards,
Gary Everekyan
CISSP, CISM, MCSE, MCT
Information Security Manager
Security and Audit
-----Original Message-----
From: Tom Burns [mailto:tburns (at) torcausa (dot) com [email concealed]]
Sent: Tuesday, November 11, 2003 3:00 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Exchange SMTP Hole?
Good morning all,
I have an exchange server that's been running for quite some time (over
a year) and had it locked down to prevent relay (spam). It is patched
all the way up to 3a.
I checked my queues yesterday and got slammed by spam relaying.
Is there a security hole that MS does not know about yet in SMTP?????
The only way I resolved this was to block connection from 219.x.x.x,
218.x.x.x, 211.x.x.x, etc.
This server has been testing aginst ORDB.ORG and shown to NOT be an open
relay.
If anyone has any suggestions, please let me know.
Thomas A. Burns
System Administrator
Torca Products Inc.
Auburn Hills, MI 48326
248-373-8300 x186
The information contained in this e-mail and any attached documents
may be privileged, confidential and protected from disclosure. If you
are not the intended recipient you may not read, copy, distribute or
use this information. If you have received this communication in
error, please notify the sender immediately by replying to this
message and then delete it from your system.
------------------------------------------------------------------------
---
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
------------------------------------------------------------------------
---
outside.
Either way you will get better logging and control if you do decide to
insert a non MS product for SMTP security.
You will also get some spam control from these units.
Regards,
Gary Everekyan
CISSP, CISM, MCSE, MCT
Information Security Manager
Security and Audit
-----Original Message-----
From: Tom Burns [mailto:tburns (at) torcausa (dot) com [email concealed]]
Sent: Tuesday, November 11, 2003 3:00 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Exchange SMTP Hole?
Good morning all,
I have an exchange server that's been running for quite some time (over
a year) and had it locked down to prevent relay (spam). It is patched
all the way up to 3a.
I checked my queues yesterday and got slammed by spam relaying.
Is there a security hole that MS does not know about yet in SMTP?????
The only way I resolved this was to block connection from 219.x.x.x,
218.x.x.x, 211.x.x.x, etc.
This server has been testing aginst ORDB.ORG and shown to NOT be an open
relay.
If anyone has any suggestions, please let me know.
Thomas A. Burns
System Administrator
Torca Products Inc.
Auburn Hills, MI 48326
248-373-8300 x186
The information contained in this e-mail and any attached documents
may be privileged, confidential and protected from disclosure. If you
are not the intended recipient you may not read, copy, distribute or
use this information. If you have received this communication in
error, please notify the sender immediately by replying to this
message and then delete it from your system.
------------------------------------------------------------------------
---
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
------------------------------------------------------------------------
---
[ reply ]