XMailforum is a readonly knowledge archive now.

Registering as a new user or answering posts is not possible anymore.

Might the force be with you, to find here what you are looking for.

2019-09-20 - hschneider, Admin

> MS Exchange Security Hole, Interesting article ...
hschneider
Posted: Nov 18 2003, 12:07 PM
QUOTE

Mail server flaw opens Exchange to spam

Administrators of e-mail systems based on Microsoft's Exchange might have spammers using their servers to send unsolicited bulk e-mail under their noses, a consultant warned this week.

Aaron Greenspan, a Harvard University junior and president of consulting company Think Computer, published a white paper Thursday detailing the problem, discovered when a client's server was found to be sending spam. Greenspan's research concluded that Exchange 5.5 and 2000 can be used by spammers to send anonymous e-mail. He says even though software Microsoft provides on its site certifies that the server is secure, it's not.

"If the guest account is enabled (on Exchange 5.5 and 2000), even if your login fails, you can send mail, because the guest account is there as a catchall," he said. "Even if you think you've done everything (to secure the server), you are still open to spammers."
...


--------------------
Bye,
Harald


dfitch
Posted: Nov 18 2003, 08:14 PM

The guest acct should be disabled anyways..
You should be punished if you have it enabled... or fired!!! :-)

D
rabbers
Posted: Feb 9 2004, 06:41 PM

I spotted a similar problem when I was trying to get mailing lists working on XMail 1.7 (ages ago).

A peculiarity of the edition of Exchange server that comes with Small Business Server is that it has a POP3 mail connector.

If you send an email to a POP3 box that is slurped by Microsoft POP3 connector and that email is not destined for an account on that server (i.e. if it's been sent by XMail's mailing list support) then Exchange simply submits the message into its SMTP pipeline for delivery.

In most cases the SMTP configuration is set up for delivery via the internet (or at least via another trusted mail server).

When using mailing lists with the W permission (as opposed to the A permission) this can lead to the entire mailing list being resent again and again in an infinite loop.

I believe the behavior can be disabled, but not all installations of SBS are configured by experts!
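The resubmission loop described in the post above can be caught on the list side. The following is an added example, not part of the original thread and not XMail or Exchange code: a list-side guard that refuses messages it has already distributed. The list address, the hop limit, the function names and the use of an `X-Loop` stamp are assumptions, and it assumes the downstream connector preserves headers when it resubmits.

```python
from email import message_from_string

LIST_ADDR = "list@example.test"   # constructed list address (assumption)
MAX_HOPS = 20                     # assumed hop limit, tune per site

def stamp(raw, list_addr=LIST_ADDR):
    """Mark a post with the list's X-Loop stamp before it goes to subscribers."""
    msg = message_from_string(raw)
    msg["X-Loop"] = list_addr
    return msg.as_string()

def loop_reason(raw, list_addr=LIST_ADDR, max_hops=MAX_HOPS):
    """Return why a message looks like a re-injected list post, or None."""
    msg = message_from_string(raw)
    # 1. Our own stamp on an incoming message means a downstream host
    #    (here: a POP3 connector feeding an SMTP pipeline) sent it back.
    stamps = [v.strip().lower() for v in msg.get_all("X-Loop", [])]
    if list_addr.lower() in stamps:
        return "x-loop"
    # 2. Every MTA pass adds a Received header, so a looping message keeps
    #    growing even if some gateway strips the X-Loop stamp.
    if len(msg.get_all("Received", [])) > max_hops:
        return "hop-count"
    return None

# Constructed sample messages (not captured traffic).
FRESH = (
    "Received: from client.example.test by mx.example.test;"
    " Mon, 9 Feb 2004 18:00:00 +0000\n"
    "From: alice@example.test\n"
    "To: list@example.test\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)
RESUBMITTED = stamp(FRESH)                                # came back stamped
MANY_HOPS = "Received: from a by b\n" * (MAX_HOPS + 1) + FRESH

if __name__ == "__main__":
    for name, raw in [("fresh", FRESH), ("resubmitted", RESUBMITTED),
                      ("many hops", MANY_HOPS)]:
        print(name, "->", loop_reason(raw) or "accept")
```
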
hschneider
Posted: Feb 9 2004, 06:44 PM

Thanks for putting in your knowledge ..


--------------------
Bye,
Harald

