TomMynar

SBS 2003 Network Tool allows relaying

When running the Connect to Network tool in SBS 2003, it creates 2 entries in the RELAY section of the SMTP Virtual Server: 127.0.0.1 and the local machine's IP address. If I leave these in, someone is getting into the server and using it to relay messages, as if they were permitted. :blink:

If I remove these entries, SBS can no longer send out its statistical reports (all other mail is sent out fine :) ).

What is it that is allowing these hackers to get THROUGH the Fortinet firewall and abUSE my server :angry: ? Or do I still have something (client) internal on the LAN that is doing this ?

Yes, I have TrendMicro on all the clients and servers. My servers/clients are up to Microsoft patch levels.

Anyone got an idea ?

Tom

Sounds like you may have an account with a weak password that someone is using to send mail. The 127.0.0.1 and local IP of the server in the allowed relays section are necessary for the server to properly relay mail from Exchange to outside SMTP servers; however, they would not allow an external SMTP server to relay through it unless it was somehow authenticating.

Sounds like you may have an account with a weak password that someone is using to send mail. The 127.0.0.1 and local IP of the server in the allowed relays section are necessary for the server to properly relay mail from Exchange to outside SMTP servers; however, they would not allow an external SMTP server to relay through it unless it was somehow authenticating.

Well, that *may* be true that we have weak passwords. But wouldn't the external SMTP server have to be permitted in the list of "only allow the following IP" ?

Since I only have 127.0.0.1 and <laniphere>, that external box *should* be coming in with the IP address of the router/firewall G/W number (NAT enabled), correct ?

The Exchange server is having NO difficulty accepting and transmitting email, without those IPs in the list.

POP protocol was enabled, I've disabled it (not needed anyways). But since I can't predict when this external source is attacking (I suspect all the time), I do *not* know I've stopped the problem.

Thanks

...Sorry, I'm not a server admin but I may have found a place for you to start (although it does not seem to be a specific solution for you): SpamCop Forum thread "[Resolved] Windows 2003 + Exchange 2003sp2 + ISA 2004."

Sorry, that didn't help any. I've already gone through all of the things he has gone through on the firewall and the server.

Thanks for searching.

Tom

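Added example, not part of any post in this thread: one way to see who is actually relaying is to count accepted RCPT commands for non-local domains in the SMTP virtual server's log, grouped by client IP. It assumes W3C extended logging with a `#Fields:` header that includes `c-ip`, `cs-method`, `cs-uri-query` and `sc-status`; the domains, LAN range and log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): local mail domains and the LAN range.
LOCAL_DOMAINS = {"example.local", "example.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.16.0/24")]

# Constructed sample in W3C extended format; real logs may carry more fields.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2005-03-01 02:10:11 127.0.0.1 RCPT +TO:<admin@example.com> 250
2005-03-01 02:14:40 192.168.16.37 RCPT +TO:<a@elsewhere.test> 250
2005-03-01 02:14:41 192.168.16.37 RCPT +TO:<b@elsewhere.test> 250
2005-03-01 02:15:02 203.0.113.9 RCPT +TO:<c@elsewhere.test> 250
2005-03-01 02:15:09 198.51.100.4 RCPT +TO:<d@elsewhere.test> 550
2005-03-01 02:16:00 198.51.100.4 RCPT +TO:<tom@example.com> 250
"""

RCPT_ADDR = re.compile(r"<[^<>@\s]+@([^<>\s]+)>")

def accepted_relays(log_text):
    """Count accepted RCPTs to non-local domains, keyed by (client IP, origin)."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT":
            continue
        m = RCPT_ADDR.search(row.get("cs-uri-query", ""))
        if not m or m.group(1).lower() in LOCAL_DOMAINS:
            continue  # inbound mail for our own domains is not relaying
        if not row.get("sc-status", "").startswith("2"):
            continue  # the relay attempt was refused
        try:
            ip = ipaddress.ip_address(row["c-ip"])
        except (KeyError, ValueError):
            continue
        origin = "trusted" if any(ip in n for n in TRUSTED_NETS) else "external"
        hits[(str(ip), origin)] += 1
    return hits

if __name__ == "__main__":
    for (ip, origin), n in accepted_relays(SAMPLE_LOG).most_common():
        print(f"{ip:15} {origin:8} {n} relayed recipient(s)")
```

Accepted relays from an "external" address were not permitted by the IP list, which points to an authenticated session; a "trusted" address other than the server itself points to a LAN host. If the firewall rewrites source addresses, count the gateway's address as external.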