• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Breaking into Exchange 2000

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Breaking into Exchange 2000 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Breaking into Exchange 2000 - 13.May2008 3:14:25 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Hello all
Some of my users reported that they can send emails using my Exchange 2000 without the need to input a password. They use Outlook Express. I checked Relay setting and it is just fine.
Did anyone have such a situation before?

Your prompt response is highly appreciated.

TIA
Post #: 1
RE: Breaking into Exchange 2000 - 13.May2008 3:18:43 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
What exactly are the client settings and what are the permissions on the SMTP VSI in Exchange?

_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 2
RE: Breaking into Exchange 2000 - 13.May2008 3:45:35 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
In the client settings, I set the incoming and outgoing servers as myserver.mydomain.com. In the user name, I used a ligitimate user name which has no r special rights BUT did not enter his password.
For the SMTP, it is configured to block relay as in http://www.msexchange.org/tutorials/MF005.html

Thanks again

(in reply to mark@mvps.org)
Post #: 3
RE: Breaking into Exchange 2000 - 13.May2008 4:50:37 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
And what are the permissions on the SMTP VSI? Are you allowing Integrated Authentication?

_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 4
RE: Breaking into Exchange 2000 - 13.May2008 4:52:22 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Yes it is allowed.

(in reply to mark@mvps.org)
Post #: 5
RE: Breaking into Exchange 2000 - 13.May2008 4:54:53 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
Sounds ok. So, am I right in assuming that on the LAN everything is fine but if you're using a PC off the LAN (at home perhaps) you do need to supply credentials?

_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 6
RE: Breaking into Exchange 2000 - 13.May2008 4:59:39 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Yes, the LAN is working fine.
The issue is that, remote users can send emails even if they cleared the passwrod field from the outlook configuration, i.e they can send an email with no password at all.

(in reply to mark@mvps.org)
Post #: 7
RE: Breaking into Exchange 2000 - 13.May2008 6:18:09 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
Well, without you posting your exact settings (I did ask) rather than just little snippets you can't be helped too much. You've already checked the open relay thing and as long as you are sure you've checked properly you don't have one worry that might otherwise have been the case.

Either post exact information or start undoing the Integrated Authentication so that you are only left with basic and see where you get. Best to post us some really clear information though.

_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 8
RE: Breaking into Exchange 2000 - 13.May2008 7:15:04 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
I think that from server setting point of view, it is as described in the URL I mentioned earlier.

From client point of view, it is as follows
In the server tab Incoming mail --> myserver.mydomain.com
                         outgoing mail --> myserver.mydomain.com
My server requires authentication is left blank
rest of the tabs are default.

Am I missing anything here?

(in reply to mark@mvps.org)
Post #: 9
RE: Breaking into Exchange 2000 - 13.May2008 7:27:21 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
One final time. Give us the permissions on your SMTP VSI. I don't care about the client at this point in time but I want to hear about perms,.

_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 10
RE: Breaking into Exchange 2000 - 13.May2008 8:02:30 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
I thought that it was enough when I pointed to that open relay URL.

However, going to ESM and checking SMTP properties, I get the following:
General tab--> it has the local ip address which is 192.168.x.x
Access tab--> in Authentication, all is checked except for TLS encryption
                     In relay, Allow all computers which successfully authenticateto relay, regardless of the list above
Message tab-->limit number of messages per connection to 20 and Limit number of recipients per message to 64,000
Delivery-->Outbound security-->anonymus access
 
I hope that I am clear this time.
 
Thanks for your time
 
 
 

(in reply to mark@mvps.org)
Post #: 11
RE: Breaking into Exchange 2000 - 13.May2008 8:09:54 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
So just untick the integrated authentication and it will ask for a password. As it stands your server is negotiating with the client PC and finding that the PC/User is ok, it doesn't matter what the application thinks.

_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 12
RE: Breaking into Exchange 2000 - 13.May2008 8:24:14 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Thanks for that.
I have few questions more, if you do not mind
1-should I re-start smtp service for changes to take effect
2-Would these changes affect my LAN users?
3- A while ago, users had to set their Outlook client to "my servers requires authrntication" and had to re-enter their user name and password.. How can I retain such setup again?

Again, thanks for your time,

(in reply to mark@mvps.org)
Post #: 13
RE: Breaking into Exchange 2000 - 13.May2008 8:26:13 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
1. Yes, it kicks the changes in quickly.
2. They affect everyone.
3. That's an Outlook thing.


OK, so why are you even using POP on the LAN by the way? In fact, why are you even using POP at all if you have Outlook?

_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 14
RE: Breaking into Exchange 2000 - 13.May2008 8:35:30 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Inside the LAN, i am using exchange server. POP is only used by remote users.

regarding my third question, could you please elaborate a bit?

Thanks Again!

(in reply to mark@mvps.org)
Post #: 15
RE: Breaking into Exchange 2000 - 13.May2008 8:40:44 PM   
mark@mvps.org

 

Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
In the properties of the MAPI profile you'll see a "Security" tab and on that there's an "always ask blah" tickbox. Wording depends on the version of Outlook and the exact route to that also depends on the OL version.

I'm going to leave this thread alone now because I simply can't understand why you would want to demand another entry of the same credentials that you logged onto the workstation with, I can't understand why you use POP on the outside for remote users rather than IMAP at the very worst and RPC over HTTPS or even OWA at the good end of the spectrum.



_____________________________

Mark Arnold (Exchange MVP)
List Moderator

(in reply to mfarouk)
Post #: 16
RE: Breaking into Exchange 2000 - 13.May2008 8:48:33 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
You have been of great help.
Answering your question about multiplre entries, I have not done that but I was responding to one of my remote users who thought that he could send emails without the server would prompt him for a password.

Thanks again

(in reply to mark@mvps.org)
Post #: 17
RE: Breaking into Exchange 2000 - 18.May2008 1:42:04 PM   
mfarouk

 

Posts: 104
Joined: 14.Feb.2005
From: Toronto
Status: offline
Mark:
I found what what causing the issue. Actually, there was no issue to take care of. What happened is due to SMTP sender authentication limitations, some users without entering any credentials in their Outlook could send messages to users inside my domain. I was responding to that issue but did not realize at the time that they can ONLY send to users inside the domain.

Again, thanks for your time.

Regards,
Mohammed

(in reply to mfarouk)
Post #: 18

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Breaking into Exchange 2000 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter