2019-09-20 - hschneider, Admin
Cookie Disclaimer: This forum uses only essential, anonymous session cookies (xmailforum*), nothing to be scared of.
Printable Version of Topic
Click here to view this topic in its original format |
XMail Forum > Announcements > MS Exchange Security Hole |
Posted by: hschneider Nov 18 2003, 12:07 PM | ||
Read the complete story at http://news.com.com/2100-7355_3-5107904.html?tag=nefd_pop |
Posted by: dfitch Nov 18 2003, 08:14 PM |
The guest acct should be disabled anyways.. You should be punished if you have it enabled... or fired!!! :-) D |
Posted by: rabbers Feb 9 2004, 06:41 PM |
I spotted a similar problem when I was trying to get mailing lists working on XMail 1.7 (ages ago). A peculiarity of the edition of Exchange server that comes with Small Business Server is that it has a POP3 mail connector. If you send an email to a POP3 box that is slurped by Microsoft POP3 connector and that email is not destined for an account on that server (i.e. if it's been sent by XMails mailing list support) then Exchange simply submits the message into it's SMTP pipeline for delivery. In most cases the SMTP configuration is set up for delivery via the internet (or at least via another trusted mail server). When using mailing lists with the W permission (as opposed to the A permission) this can lead to the entire mailing list being resent again and again in an infinite loop. I believe the behavior can be disabled, but not all installations of SBS are configured by experts! |
Posted by: hschneider Feb 9 2004, 06:44 PM |
Thanks for putting in your knowledge .. |