Jump to content

SBS 2003 Network Tool allows relaying


TomMynar
 Share

Recommended Posts

When running the Connect to Network tool in SBS 2003, it creates 2 entries in the RELAY section of the SMTP Virtual Server. 127.0.0.1 and the local machine's IP address. If I leave these in, someone is getting into the server and using it to relay messages-as if they were permitted. :blink:

If I remove these entries, SBS can no longer send out its' statistical reports (all other mail is sent out fine :) ).

What is it that is allowing these hackers to get THROUGH the Fortinet firewall and abUSE my server :angry: ? Or do I still have something (client) internal on the LAN that is doing this ?

Yes, I have TrendMicro on all the clients and servers. My servers/clients are up to Microsoft patch levels.

Anyone got an idea ?

Tom

Link to comment
Share on other sites

Sounds like you may have an account with a weak password that someone is using to send mail. The 127.0.0.1 and local IP of the server in the allowed relays section are necessary for the server to properly relay mail from exhange to outside SMTP servers, however, they would not allow an external SMTP server to relay through it unless it was somehow authenticating.

Link to comment
Share on other sites

Sounds like you may have an account with a weak password that someone is using to send mail. The 127.0.0.1 and local IP of the server in the allowed relays section are necessary for the server to properly relay mail from exhange to outside SMTP servers, however, they would not allow an external SMTP server to relay through it unless it was somehow authenticating.

Well, that *may* be true that we have weak passwords. But wouldn't the external SMTP server have to be permitted in the list of "only allow the following IP" ?

Since I only have 127.0.0.1 and <laniphere>, that external box *should* be coming in with the IP address of the router/firewall G/W number (NAT enabled), correct ?

The Exchange server is having NO difficulty accepting and transmitting email, without those IPs in the list.

POP protocol was enabled, I've disabled it (not needed anyways). But since I can't predict when this external source is attacking (I suspect all the time), I do *not* know I've stopped the problem.

Thanks

...Sorry, I'm not a server admin but I may have found a place for you to start (although it does not seem to be a specific solution for you): SpamCop Forum thread "[Resolved] Windows 2003 + Exchange 2003sp2 + ISA 2004."

Sorry, that didn't help any. I've already gone through all of the things he has gone through on the firewall and the server.

Thanks for searching.

Tom

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...