We upgraded this weekend and only found one (security related) anomaly so far.
If you are familiar with Exchange Server 2003, we had several "virtual
SMTP servers" setup on various ports for the various domains we
manage. Inbound e-mail is configured to be accepted in TCP25, but we
have other SSL wrapped SMTP connections on higher ports that our
external employees use to drop off mail back to the organization
securely. Example:
mail.domain1.com running on TCP 25 (general inbound mail connection)
mail.domain1.com running on TCP 2525 (SSL/TLS mail for domain1 clients)
mail.domain2.com running on TCP 2526 (SSL/TLS mail for domain2 clients)
mail.domain3.com running on TCP 2527 (SSL/TLS mail for domain3 clients)
etc.
Anyway, the high-port virtual SMTP servers no longer work. We have to
have all users change their mail client config to route them through
the general Internet inbound connection on TCP25 (which cannot be
wrapped in SSL for obvious reasons).
So far M$ has no explanation. ;-/ It's a minor exposure, but not one
we would like to have.
If you are familiar with Exchange Server 2003, we had several "virtual
SMTP servers" setup on various ports for the various domains we
manage. Inbound e-mail is configured to be accepted in TCP25, but we
have other SSL wrapped SMTP connections on higher ports that our
external employees use to drop off mail back to the organization
securely. Example:
mail.domain1.com running on TCP 25 (general inbound mail connection)
mail.domain1.com running on TCP 2525 (SSL/TLS mail for domain1 clients)
mail.domain2.com running on TCP 2526 (SSL/TLS mail for domain2 clients)
mail.domain3.com running on TCP 2527 (SSL/TLS mail for domain3 clients)
etc.
Anyway, the high-port virtual SMTP servers no longer work. We have to
have all users change their mail client config to route them through
the general Internet inbound connection on TCP25 (which cannot be
wrapped in SSL for obvious reasons).
So far M$ has no explanation. ;-/ It's a minor exposure, but not one
we would like to have.
Bones
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]