• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SMTP authentication/relay weirdness - sorry for the double post!

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> SMTP authentication/relay weirdness - sorry for the double post! Page: [1]
Login
Message << Older Topic   Newer Topic >>
SMTP authentication/relay weirdness - sorry for the dou... - 28.Oct.2003 9:59:00 PM   
chillzatl

 

Posts: 7
Joined: 25.Jan.2003
From: Atlanta
Status: offline
Hi all. I'm trying to get some SMTP authentication issues ironed out and I've discovered some things that didn't seem quite right to me.

I have quite a few users that travel. While they are on the road I have them pulling their mail via pop3 and using our SMTP to send. I would have them just use OWA but they complained enough and I was overruled. So while working on a users outlook settings the other day I noticed some "strange" behaviour from the SMTP for these off-site users.

I have all these off-site users set to authenticate with the SMTP server and to use the same credentials they are using for pop3. Everything works fine. Here's where things get strange...

1. If I uncheck the option to Authenticate with the SMTP server, I get a relay restriction error. This IS expected.

2. If I have the SMTP authentication option checked and I have it set to use their POP3 credentials (or manually giving their UN/PW) BUT I have their email client configured with an invalid email address (one that doesn't exist on our server), the mail refuses to send and I get a relay error.

3. If I have the mail client configured with the correct email address but I also set the SMTP authentication by manually specifying the Un/PW, it does not matter what UN/PW I enter, the mail will still send successfully. Basically I can enter any UN/PW, whether that account actually exists on our domain or not, and the mail will still relay.

Is this by design? This seems like a pretty serious security flaw to me.

Just for the record I have my relay restrictions set to allow only the ones listed (none listed) and to allow all authenticated users to relay mail.

So again, is this some security flaw or have I screwed something up? Or is there another explanation for all this that I am overlooking? Thanks!
Post #: 1
RE: SMTP authentication/relay weirdness - sorry for the... - 30.Oct.2003 4:51:00 PM   
HaTaX

 

Posts: 4
Joined: 30.Oct.2003
From: Minnesota
Status: offline
I have had the same problem with spamming, so I tried a few things to figure it out.

I set the logging to maximum and was watching the event log to see what user it was authenticating it under, I found it to be the guest account if it doesn't recognize the UN/PW. So until I get an answer in my thread, I disabled the guest account and it rejects the unknown users now.

(in reply to chillzatl)
Post #: 2
RE: SMTP authentication/relay weirdness - sorry for the... - 17.Nov.2003 7:43:00 AM   
rockets84

 

Posts: 5
Joined: 17.Nov.2003
From: Perth, Western Australia
Status: offline
In your SMTP virtual server go to the relay control section and remove the tick from "Allow authenicated users to relay regardless of settings above". Otherwise follow the MS document http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/mailexch/excrelay.asp

Generally this isn't a problem as the guest account is disabled.

(in reply to chillzatl)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> SMTP authentication/relay weirdness - sorry for the double post! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter