• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SMTP Auth login uses guest account with anything provided

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> SMTP Auth login uses guest account with anything provided Page: [1]
Login
Message << Older Topic   Newer Topic >>
SMTP Auth login uses guest account with anything provided - 30.Oct.2003 4:44:00 PM   
HaTaX

 

Posts: 4
Joined: 30.Oct.2003
From: Minnesota
Status: offline
I have a problem with my SMTP server that is allowing anyone to authenticate with it if it doesn't recognize the username and password, it just logs them in under the GUEST account and allows anyone to relay.

This is a telnet session I have with it:
220 exchange.SBS_ST_PAUL.local Microsoft ESMTP MAIL Service, Version: 5.0.2195.6
713 ready at Thu, 30 Oct 2003 09:41:36 -0600
ehlo
250-exchange.SBS_ST_PAUL.local Hello [24.118.142.86]
250-TURN
250-ATRN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
auth login
334 VXNlcm5hbWU6
jk1g2616
334 UGFzc3dvcmQ6
m1h6ljh1
235 2.7.0 Authentication successful.
mail from:user@nowhere.com
250 2.1.0 user@nowhere.com....Sender OK
rcpt to:spammer@somewhere.com
250 2.1.5 spammer@somewhere.com
data
354 Start mail input; end with <CRLF>.<CRLF>
This is a test to see if spam can be relayed
.
250 2.6.0 <EXCHANGESknvh7wFI1Z000003e8@exchange.SBS_ST_PAUL.local> Queued mail f
or delivery
quit
221 2.0.0 exchange.SBS_ST_PAUL.local Service closing transmission channel

Connection to host lost.

--------------------------------------------
So the question is, why does it allow any thing to be typed and if there is no username for it in the domain, it logs it in as the guest account, and how do I shut off the guest account from being able to send SMTP mail? I want the guest account to remain active, but I do not want the SMTP server to authenticate unknown users and passwords to the guest account.
Post #: 1
RE: SMTP Auth login uses guest account with anything pr... - 17.Nov.2003 7:39:00 AM   
rockets84

 

Posts: 5
Joined: 17.Nov.2003
From: Perth, Western Australia
Status: offline
In your SMTP virtual server go to the relay control section and remove the tick from "Allow authenicated users to relay regardless of settings above". Otherwise follow the MS document http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/mailexch/excrelay.asp

Generally this isn't a problem as the guest account is disabled.

(in reply to HaTaX)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> SMTP Auth login uses guest account with anything provided Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter