I'm having some problems securing SMTP relay. My customer is running Exchange 2003 with SP2. The problem is, non-authorised users are able to relay through the Exchange server provided they supply a user name. I believe this server must have been exploited because the settings seem to be correct, but the server will relay without a password to go with the valid user name.
Posts: 8196
Joined: 7.Jan.2004
From: California, USA
Status: online
Before we start looking at your configuration, give me an example of a successful SMTP relay through your server. How did you detect it? How did you verify it?
_____________________________
Regards,
Dean T. Uemura
Microsoft MVP - Exchange
exchangeguy.blogspot.com
uemurad@yahoo.com
Thanks for replying. Well, I got a call from the company saying they couldn't send mail. Upon checking the mail queue there were thousands of spam emails in the queue. Opening up the message details showed that the sender was always someone from within the business (i.e. not a bogus email address).
I have run open relay tests on the server and it says it is not an open relay. However the test does not attempt to send from a legitimate email address, only other domains. If I attempt to set an IMAP account up with a genuine email address/account but do not supply a password then I am able to send but not receive.
Posts: 2077
Joined: 11.Nov.2008
From: The Netherlands
Status: offline
If it's one account from internal, you can try changing passwords. If the account and password have been cracked, and people are using it to remotely authenticate to your machine, that would produce the scenario you describe.
Another possibility is a virus that got a hold of the e-mail addresses in use internally, and is blasting the server from the inside with the mail. SMTP logging may show you what PC (if any) this is coming from.
_____________________________
I reject your reality, and substitute my own - Adam Savage
Yep, we changed the passwords for all accounts. The issue I am experiencing though is that I want to configure SMTP for use with an iPhone and therefore need to send from their SMTP server outside of their local LAN.
I am outside of their local network now and I am able to set up an IMAP account without specifying a password and can send quite happily through the SMTP server... how do I lock the outgoing SMTP down so users need to specify both a user name and password? I thought this is how it should work based on my configuration.
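The behaviour described in this thread (relay accepted as soon as the MAIL FROM carries an internal address, no password required) boils down to what the server treats as proof of identity. The following is an added example, not Exchange code and not from any poster: a small model of the per-session relay decision that answers a client's SMTP commands under two policies, one that trusts an internal sender address and one that relays only after a completed AUTH PLAIN with a verified password. The domain names, the credential store and the two transcripts are constructed for the demo.

```python
"""Model of the per-session relay decision an SMTP server makes.

Added example, not Exchange code. It contrasts a broken policy that treats an
internal sender address as proof of identity with the correct one, where only a
completed AUTH (user name *and* password verified) permits relaying to outside
domains. Domain names and the credential store are constructed for the demo.
"""
import base64

LOCAL_DOMAINS = {"customer.example"}                  # constructed: domains this server hosts
CREDENTIALS = {"alice@customer.example": "s3cret"}    # constructed test account


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def _address(arg: str):
    """Extract the address from 'FROM:<a@b>' / 'TO:<a@b>'; None if malformed."""
    if ":" not in arg:
        return None
    return arg.split(":", 1)[1].strip().strip("<>") or None


def auth_plain(user: str, password: str) -> str:
    """Build the AUTH PLAIN line a client would send (RFC 4616 encoding)."""
    blob = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    return f"AUTH PLAIN {blob}"


class SmtpSession:
    """Answers one client's SMTP commands according to the chosen relay policy."""

    def __init__(self, trust_internal_sender: bool):
        # True reproduces the misconfiguration the thread describes: any MAIL FROM
        # at a local domain is allowed to relay, so no password is ever needed.
        self.trust_internal_sender = trust_internal_sender
        self.authenticated = False
        self.mail_from = None

    def handle(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 mail.customer.example"
        if verb == "AUTH":
            return self._auth(arg)
        if verb == "MAIL":
            self.mail_from = _address(arg)
            return "250 OK" if self.mail_from else "501 Syntax error in MAIL FROM"
        if verb == "RCPT":
            rcpt = _address(arg)
            if not rcpt:
                return "501 Syntax error in RCPT TO"
            return "250 OK" if self._may_relay(rcpt) else "550 5.7.1 Unable to relay"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unrecognised command"

    def _auth(self, arg: str) -> str:
        mech, _, blob = arg.partition(" ")
        if mech.upper() != "PLAIN":
            return "504 Unrecognised authentication type"
        try:
            _, user, password = base64.b64decode(blob).decode().split("\0")
        except ValueError:           # bad base64 (binascii.Error) or wrong field count
            return "501 Malformed AUTH PLAIN"
        if CREDENTIALS.get(user) == password:
            self.authenticated = True
            return "235 2.7.0 Authentication successful"
        return "535 5.7.3 Authentication unsuccessful"

    def _may_relay(self, rcpt: str) -> bool:
        if _domain(rcpt) in LOCAL_DOMAINS:
            return True      # inbound mail for our own users is always accepted
        if self.authenticated:
            return True      # password-verified session: relaying is legitimate
        if self.trust_internal_sender and self.mail_from \
                and _domain(self.mail_from) in LOCAL_DOMAINS:
            return True      # BROKEN: MAIL FROM is a claim anyone can type, not a credential
        return False


def run_session(commands, trust_internal_sender: bool):
    """Feed commands to a fresh session; returns (command, reply) pairs."""
    session = SmtpSession(trust_internal_sender)
    return [(cmd, session.handle(cmd)) for cmd in commands]


# Constructed transcripts: a bot forging an internal sender, and a phone that authenticates.
FORGED = ["EHLO botpc", "MAIL FROM:<alice@customer.example>",
          "RCPT TO:<victim@elsewhere.example>", "QUIT"]
PHONE = ["EHLO iphone", auth_plain("alice@customer.example", "s3cret"),
         "MAIL FROM:<alice@customer.example>", "RCPT TO:<friend@elsewhere.example>", "QUIT"]

if __name__ == "__main__":
    for label, policy in (("broken policy", True), ("correct policy", False)):
        print(label, "-> RCPT reply:", run_session(FORGED, policy)[2][1])
    print("authenticated phone -> RCPT reply:", run_session(PHONE, False)[3][1])
```

Under the broken policy the forged transcript gets `250 OK` on the outside recipient with no credentials presented at all; under the correct policy the same session gets `550 5.7.1 Unable to relay`, while the phone that completes AUTH PLAIN with the right password is allowed through. That is the property to verify on the real server: an outside recipient must be refused until a password has actually been checked.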
Posts: 2077
Joined: 11.Nov.2008
From: The Netherlands
Status: offline
I fail to see why you need to configure SMTP for the iPhones. An Exchange account on them should suffice.
Anyway... If you look at it from the client side (so from the iPhone) it should either connect to your Exchange server (through the Exchange account) which includes authentication, or it should connect to some 3rd party SMTP server (in which case Exchange couldn't care less if that uses authentication or not, since it's not talking to Exchange at that point).
Going back to the issue at hand... a heap of messages in the outbound queue that your users did not send. How to determine if your machine is an open-relay, and how to clean it up somewhat: http://support.microsoft.com/kb/324958
If these procedures yield the same result as the website, namely that your server is NOT an open relay, then all I can imagine is a possible virus on the internal side that is blasting away at Exchange with internal knowledge of e-mail addresses.
_____________________________
I reject your reality, and substitute my own - Adam Savage
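Two posts above suggest using the SMTP protocol log to find which PC (if any) is pushing the messages from inside. As an added example, not Microsoft tooling and not code from any poster, the script below parses an IIS/Exchange 2003-style W3C SMTP log, reading the column order from the log's own `#Fields:` header, and summarises each client IP by MAIL/RCPT commands, distinct sender addresses, recipients outside the hosted domain and how many of those were accepted. The log lines, the shortened field list, the LAN range and the hosted domain are all constructed.

```python
"""Summarise an IIS/Exchange 2003 W3C-format SMTP protocol log by client IP.

Added example, not Microsoft tooling. Column order is taken from the log's own
'#Fields:' header rather than hard-coded. The log below is constructed and uses
a shortened field list; the LAN range and hosted domain are constructed too.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")        # constructed: the customer's internal range
LOCAL_DOMAINS = {"customer.example"}      # constructed: domains hosted on this server

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-03-02 08:00:00
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status
2009-03-02 08:00:01 192.168.1.55 - SMTPSVC1 EXCH01 192.168.1.10 25 HELO - +botpc 250
2009-03-02 08:00:01 192.168.1.55 - SMTPSVC1 EXCH01 192.168.1.10 25 MAIL - +FROM:+<alice@customer.example> 250
2009-03-02 08:00:01 192.168.1.55 - SMTPSVC1 EXCH01 192.168.1.10 25 RCPT - +TO:+<v1@elsewhere.example> 250
2009-03-02 08:00:02 192.168.1.55 - SMTPSVC1 EXCH01 192.168.1.10 25 MAIL - +FROM:+<bob@customer.example> 250
2009-03-02 08:00:02 192.168.1.55 - SMTPSVC1 EXCH01 192.168.1.10 25 RCPT - +TO:+<v2@elsewhere.example> 250
2009-03-02 08:00:02 192.168.1.55 - SMTPSVC1 EXCH01 192.168.1.10 25 MAIL - +FROM:+<carol@customer.example> 250
2009-03-02 08:00:02 192.168.1.55 - SMTPSVC1 EXCH01 192.168.1.10 25 RCPT - +TO:+<v3@elsewhere.example> 250
2009-03-02 08:05:10 203.0.113.45 - SMTPSVC1 EXCH01 192.168.1.10 25 MAIL - +FROM:+<partner@partner.example> 250
2009-03-02 08:05:10 203.0.113.45 - SMTPSVC1 EXCH01 192.168.1.10 25 RCPT - +TO:+<alice@customer.example> 250
2009-03-02 08:09:00 198.51.100.7 - SMTPSVC1 EXCH01 192.168.1.10 25 MAIL - +FROM:+<alice@customer.example> 250
2009-03-02 08:09:00 198.51.100.7 - SMTPSVC1 EXCH01 192.168.1.10 25 RCPT - +TO:+<v4@elsewhere.example> 550
"""

ADDR = re.compile(r"<([^>]*)>")


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            yield dict(zip(fields, line.split()))


def _address(query):
    # IIS escapes spaces in cs-uri-query as '+', e.g. '+FROM:+<alice@customer.example>'
    m = ADDR.search(query.replace("+", " "))
    return m.group(1).lower() if m else None


def summarise(text, local_domains=LOCAL_DOMAINS):
    """Per client IP: MAIL/RCPT counts, distinct senders, outside recipients, relayed count."""
    stats = defaultdict(lambda: {"mail": 0, "rcpt": 0, "senders": set(),
                                 "external_rcpt": 0, "relayed": 0, "internal_client": False})
    for rec in parse_w3c(text):
        ip = rec["c-ip"]
        s = stats[ip]
        s["internal_client"] = ip_address(ip) in LAN
        verb = rec["cs-method"].upper()
        addr = _address(rec.get("cs-uri-query", ""))
        if verb == "MAIL":
            s["mail"] += 1
            if addr:
                s["senders"].add(addr)
        elif verb == "RCPT" and addr:
            s["rcpt"] += 1
            if addr.rsplit("@", 1)[-1] not in local_domains:
                s["external_rcpt"] += 1
                if rec["sc-status"] == "250":      # the server accepted the outside recipient
                    s["relayed"] += 1
    return dict(stats)


def suspects(stats, mail_threshold=3):
    """Clients worth a closer look: any outside host trying to relay, or a LAN host doing it in bulk."""
    hits = [ip for ip, s in stats.items()
            if s["external_rcpt"] and (not s["internal_client"] or s["mail"] >= mail_threshold)]
    return sorted(hits, key=lambda ip: (-stats[ip]["external_rcpt"], ip))


if __name__ == "__main__":
    stats = summarise(SAMPLE_LOG)
    for ip in suspects(stats):
        s = stats[ip]
        print(f"{ip:15} {'LAN' if s['internal_client'] else 'external':8} MAIL={s['mail']} "
              f"outside RCPT={s['external_rcpt']} relayed={s['relayed']} senders={sorted(s['senders'])}")
```

On the constructed data the LAN host 192.168.1.55 stands out because it cycles through several internal sender addresses in seconds and every outside recipient is accepted, which is the "thousands of spam emails with internal senders" picture from the first post; the outside host 198.51.100.7 is listed as well because it tried to relay with an internal sender and was refused. A genuine partner server delivering inbound mail to a local mailbox (203.0.113.45) is not flagged. Point `summarise` at the real log directory and raise `mail_threshold` to suit the customer's normal volume.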
Unauthorized access could come from an SMTP client instead of the standard MAPI client, such as Outlook. You should run TCPView or even netstat to see who is connecting on port 25.
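To turn the netstat suggestion above into something that can be repeated, here is an added example (not a Sysinternals or Microsoft tool, and not from the poster) that reads Windows `netstat -an` output, keeps only established TCP sessions arriving at the local port 25, and counts them per remote address, tagging each as LAN or external. The captured netstat text and the LAN range are constructed; the parser assumes the four-column `netstat -an` layout.

```python
"""List the remote hosts currently connected to the local SMTP listener from
`netstat -an` output. Added example, not a Sysinternals tool; the captured
netstat text and the LAN range below are constructed."""
from collections import Counter
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # constructed: the customer's internal range

NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    192.168.1.10:25        192.168.1.55:1043      ESTABLISHED
  TCP    192.168.1.10:25        192.168.1.55:1044      ESTABLISHED
  TCP    192.168.1.10:25        192.168.1.55:1045      ESTABLISHED
  TCP    192.168.1.10:25        203.0.113.45:52210     ESTABLISHED
  TCP    192.168.1.10:135       192.168.1.20:49160     ESTABLISHED
  TCP    192.168.1.10:49201     198.51.100.25:25       ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""


def _split_endpoint(ep):
    """'host:port' -> (host, port); handles IPv6 '[::1]:25' too."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), port


def smtp_peers(netstat_text, port="25"):
    """Count established TCP connections *into* our port 25, keyed by remote IP.

    Outbound connections to someone else's port 25 (our own deliveries) are
    excluded, since only inbound sessions can be submitting mail to us."""
    peers = Counter()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        _, local_port = _split_endpoint(parts[1])
        remote_host, _ = _split_endpoint(parts[2])
        if local_port == port:
            peers[remote_host] += 1
    return peers


def classify(peers, lan=LAN):
    """Sort peers busiest first and tag each as LAN or external."""
    rows = [(ip, n, "LAN" if ip_address(ip) in lan else "external") for ip, n in peers.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for ip, n, where in classify(smtp_peers(NETSTAT_OUTPUT)):
        print(f"{ip:15} {where:8} {n} session(s) to port 25")
```

A LAN workstation holding several simultaneous sessions to port 25 is the pattern the earlier "virus blasting the server from the inside" post describes, and it gives you the machine to go and look at; the listener line and the server's own outbound delivery to a remote port 25 are deliberately ignored. On the server, save `netstat -an` to a file and pass its contents to `smtp_peers`.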