Security Setup Issues (Full Version)

All Forums >> [Microsoft Exchange 2000] >> Server Security



Message


SonOfPirate -> Security Setup Issues (21.Feb.2007 4:23:26 PM)

I am running Exchange 2000 for a small business that hosts its own e-mail as well as the e-mail of some of its smaller clients.  We have run into an issue where a client that was recently added cannot connect to the server using Outlook 2000, 2003 or Express.  The error message has to do with the server not responding.

As part of my troubleshooting efforts, I have tried unsuccessfully to telnet into the server from outside our network using the command: "telnet mail.mydomain.com 25".  From this, I began monitoring TCP port activity using the Windows netstat command.

What I have found is what appears to be someone (or someoneS) using our servers to relay messages.  I began doing a whois search on all of the IP addresses that connected to port 25 and repeatedly found these to be from Asia, Africa or Latin America.  In addition, when viewing the Queues for the Default SMTP Server in Enterprise Manager, the list grows dramatically when one of these IP's connects.  All messages indicates that they are being sent by postmaster@mydomain.com  I'm thinking this is a bad sign (correct my if I'm wrong).

The problem is that I don't know what settings I should have in place to properly block these outside "users" from being able to relay message but still allow our outside clients to do so.  The setup currently allows anonymous access and the relay restrictions are set to "Only the list below" and the "allow all computer which successfully authenticate..." checkbox is checked.  If I change the restriction to "All except those below", our client can connect and send e-mail from Outlook.  But, doesn't this open our server up for attacks like it appears is occuring?

How can I prevent these outside users from relaying through our server yet continue to provide POP3/SMTP access to our clients?

Thanks in advance.




Sukhdeep -> RE: Security Setup Issues (7.May2010 3:15:10 AM)

Meet the newest member of the Orion family: a powerful, scalable IP address management module that enables you and your team to create, schedule, and share IP space reports! Get affordable IP address management that is unified with performance monitoring data for a comprehensive view of network health!
SolarWinds Orion IP Address
Manager (IPAM) provides detailed visibility into IP address space usage, making it easy to minimize IP conflicts & ensure your network is always humming.
Download a free trial & discover how Orion IP Address Manager (IPAM)




shanmarsh1 -> RE: Security Setup Issues (19.Oct.2011 6:02:23 PM)

For those that may be looking for a good security setup, here is what I'm ... cause issues, I'll go into Shadow Mode and be even more confident.




Page: [1]