Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Bonno Bloksma]

Hi Andy,


  We even were considering scripting the "lower case translate" - but, 
  "keyrename" is not a scriptable registry function. We certainly don't want 
  tomanually perform all these edits while the services have to be down AND 
  riskthat there'll be a certain percent of keyboard errors causing 
  who-knows-whatkind of secondary problems.
If you just export the Ipswitch key to a text file, 
do simple textbased case replacement and import it, that should not take to 
long. 



Met vriendelijke groet,Bonno Bloksmahoofd systeembeheer
tio hogeschool hotelmanagement en toerisme 
begijnenhof 8-12 / 5611 el eindhovent 040 296 28 
28 / f 040 237 35 20[EMAIL PROTECTED] / www.tio.nl 


  - Original Message - 
  From: 
  Andy Schmidt 
  To: Imail_Forum@list.ipswitch.com 
  
  Cc: [EMAIL PROTECTED] 
  Sent: Monday, October 30, 2006 11:45 
  PM
  Subject: RE: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  KG Can you share what the main issues are that you'd 
  like to see resolvedbefore upgrading to 2006.1? We tried 
  to upgrade to 2006.1, but have a large number of domains, many wereentered 
  with mixed case domain names. According to one KB entry these 
  causeservices to leak memory and cause the Imail server (not just the 
  service) tobecome unresponsive.Rebooting the server (no way to log 
  into the system) will reset the memoryfrom GBs to a few hundred MB and the 
  system will run again for a while. TheKB entry seems to imply that 
  the problem is specific to the SMTP service,but in reality I've seen all 
  mail-related Imail services to slowly increasetheir memory use.We 
  even were considering scripting the "lower case translate" - but, 
  "keyrename" is not a scriptable registry function. We certainly don't want 
  tomanually perform all these edits while the services have to be down AND 
  riskthat there'll be a certain percent of keyboard errors causing 
  who-knows-whatkind of secondary problems.-Original 
  Message-From: "Kevin Gillis" [EMAIL PROTECTED]Subject: 
  RE: [IMail Forum] SMTP Exploit Scanning Going on NOWDate: Fri, 27 
  Oct 2006 01:51:20 -0400Reply-To: Imail_Forum@list.ipswitch.comHi 
  Darin,Can you share what the main issues are that you'd like to see 
  resolvedbefore upgrading to 2006.1? Chances are that others may 
  share similarsentiments and we'd like to prioritize and address 
  them.Bye for now,kg To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList 
  Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge 
  Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Andy Schmidt]

KG Can you share what the main issues are that you'd like to see resolved
before upgrading to 2006.1? 

We tried to upgrade to 2006.1, but have a large number of domains, many were
entered with mixed case domain names. According to one KB entry these cause
services to leak memory and cause the Imail server (not just the service) to
become unresponsive.

Rebooting the server (no way to log into the system) will reset the memory
from GBs to a few hundred MB and the system will run again for a while.  The
KB entry seems to imply that the problem is specific to the SMTP service,
but in reality I've seen all mail-related Imail services to slowly increase
their memory use.

We even were considering scripting the lower case translate - but, key
rename is not a scriptable registry function. We certainly don't want to
manually perform all these edits while the services have to be down AND risk
that there'll be a certain percent of keyboard errors causing who-knows-what
kind of secondary problems.

-Original Message-
From: Kevin Gillis [EMAIL PROTECTED]
Subject: RE: [IMail Forum]  SMTP Exploit Scanning Going on NOW
Date: Fri, 27 Oct 2006 01:51:20 -0400
Reply-To: Imail_Forum@list.ipswitch.com
Hi Darin,

Can you share what the main issues are that you'd like to see resolved
before upgrading to 2006.1?  Chances are that others may share similar
sentiments and we'd like to prioritize and address them.

Bye for now,

kg 

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Matrosity Hosting]

Edit your registry and make them all lower case = no memory leak. I'm VERY
familiar with this problem.

:)

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Monday, October 30, 2006 5:45 PM
To: Imail_Forum@list.ipswitch.com
Cc: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

KG Can you share what the main issues are that you'd like to see 
KG resolved
before upgrading to 2006.1? 

We tried to upgrade to 2006.1, but have a large number of domains, many were
entered with mixed case domain names. According to one KB entry these cause
services to leak memory and cause the Imail server (not just the service) to
become unresponsive.

Rebooting the server (no way to log into the system) will reset the memory
from GBs to a few hundred MB and the system will run again for a while.  The
KB entry seems to imply that the problem is specific to the SMTP service,
but in reality I've seen all mail-related Imail services to slowly increase
their memory use.

We even were considering scripting the lower case translate - but, key
rename is not a scriptable registry function. We certainly don't want to
manually perform all these edits while the services have to be down AND risk
that there'll be a certain percent of keyboard errors causing who-knows-what
kind of secondary problems.

-Original Message-
From: Kevin Gillis [EMAIL PROTECTED]
Subject: RE: [IMail Forum]  SMTP Exploit Scanning Going on NOW
Date: Fri, 27 Oct 2006 01:51:20 -0400
Reply-To: Imail_Forum@list.ipswitch.com
Hi Darin,

Can you share what the main issues are that you'd like to see resolved
before upgrading to 2006.1?  Chances are that others may share similar
sentiments and we'd like to prioritize and address them.

Bye for now,

kg 

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Eddie Pang]

Hi All,

Sorry I am running V8.12 and not 8.15 as previously 
reported. 

I have compiled the exploit, and ran it against my 
server. With version 8.12, I am not getting any of theinjections as 
described (share, new user, port  bind) . However, after running the 
exploit all smtpwill not respond to any connection request. You will have 
to manually stop/start SMTP to regain full function once 
again.

Here is the catch22. You will need to enable 
Monitor Services if you wish to have SMTP auto restart should it hang. 
This service in the past has created a bunch of networking issues for a few 
users..

Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html.

My log looks like
10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] 
EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL PROTECTED] 10:29 02:43 
SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: 
@qo:10:29 
02:44 SMTPD() server starting on port 25 of 
student.chaminade.edu  AUTO RESTART OF SMTP via Monitor after SMTP 
fails to respond..

Display 
of Options from executable.
=
IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow 
ExploitCoded by Greg Linares  glinares.code [at] GMAIL [dot] com 
Usage: imailexploit [hostname] [port] Payload 
JMPDefault port is 25 

==Payload Options: 1 = 
Default==1 = Share C:\ as 'Export' 
Share2 = Add User 'Error' with Password 'Error'3 = Win32 Bind CMD to 
Port 4 = Change Administrator Password to '[EMAIL PROTECTED]'==JMP 
Options: 1 = Default==1 = IMAIL 8.x 
SMTPDLL.DLL [pop ebp, ret] 0x10036f71 2 = Win2003 SP1 
English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English 
USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop 
ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 
0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 
0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397 
8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 



Hope 
this provides some info, atleast to users of Version 8.12.

Eddie 
:)




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Eddie 
PangSent: Saturday, October 28, 2006 4:51 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

For those of us who are not programmers, can someone 
provide a simple what we need to do to compile this so we can test our systems 
for this exploit.

I have a 
HIPS running on our Imail 8.15 server, and I want to see if it will terminate 
the buffer overflow process.

Thanks,
Eddie.



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Troy D. 
HiltonSent: Thursday, October 26, 2006 7:04 AMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW


From what I understand 
both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html


Troy D. 
Hilton
Serveon, 
Inc.
302-529-8640
[EMAIL PROTECTED]

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mike N]

The fact that it crashes means that it could be 
exploitedif someone gets a copy of 8.12 and determines offsets for your OS 
and Imail. In the meantime, also try banning e-mail from the user [EMAIL PROTECTED] [ this might cause it to drop the 
connection before looking at the exploit. Of course they can also have the 
FROM user to be anything in the future] .


  - Original Message - 
  From: 
  Eddie Pang 
  
  To: Imail_Forum@list.ipswitch.com 
  
  Sent: Sunday, October 29, 2006 8:11 
  AM
  Subject: RE: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  Hi All,
  
  Sorry I am running V8.12 and not 8.15 as previously 
  reported. 
  
  I have compiled the exploit, and ran it against my 
  server. With version 8.12, I am not getting any of theinjections 
  as described (share, new user, port  bind) . However, after running 
  the exploit all smtpwill not respond to any connection request. You will 
  have to manually stop/start SMTP to regain full function once 
  again.
  
  Here is the catch22. You will need to enable 
  Monitor Services if you wish to have SMTP auto restart should it hang. 
  This service in the past has created a bunch of networking issues for a few 
  users..
  
  Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html.
  
  My log looks like
  10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] 
  EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM 
  [EMAIL PROTECTED] 10:29 02:43 
  SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: 
  @qo:10:29 
  02:44 SMTPD() server starting on port 25 of 
  student.chaminade.edu  AUTO RESTART OF SMTP via Monitor after SMTP 
  fails to respond..
  
  Display of Options from 
  executable.
  =
  IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow 
  ExploitCoded by Greg Linares  glinares.code [at] GMAIL [dot] com 
  Usage: imailexploit [hostname] [port] Payload 
  JMPDefault port is 25 
  
  ==Payload Options: 1 
  = Default==1 = Share C:\ as 'Export' 
  Share2 = Add User 'Error' with Password 'Error'3 = Win32 Bind CMD to 
  Port 4 = Change Administrator Password to '[EMAIL PROTECTED]'==JMP 
  Options: 1 = Default==1 = IMAIL 8.x 
  SMTPDLL.DLL [pop ebp, ret] 0x10036f71 2 = Win2003 SP1 
  English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English 
  USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop 
  ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 
  0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 
  0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 
  0x74fa1397 8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 
  0x77d18c14 
  
  
  Hope 
  this provides some info, atleast to users of Version 8.12.
  
  Eddie :)
  
  

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[David Waller]

To get around the SMTP auto start problem consider using a 3rd party app.
such as Service+ or similar.

David 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang
Sent: 29 October 2006 13:12
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

Hi All,
 
Sorry I am running V8.12 and not 8.15 as previously reported.  
 
I have compiled the exploit, and ran it against my server.  With version
8.12, I am not getting any of the injections as described (share, new user,
port  bind) .  However, after running the exploit all smtp will not
respond to any connection request. You will have to manually stop/start SMTP
to regain full function once again.
 
Here is the catch22.  You will need to enable Monitor Services if you wish
to have SMTP auto restart should it hang.  This service in the past has
created a bunch of networking issues for a few users..
 
Also, I am not seeing the same info as
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html .
 
My log looks like
10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] EHLO
10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL 
PROTECTED]
10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO:
@qo:
10:29 02:44 SMTPD() server starting on port 25 of
student.chaminade.edu  AUTO RESTART OF SMTP via Monitor after SMTP fails
to respond..
 
Display of Options from executable.
=
IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow Exploit Coded by Greg
Linares  glinares.code  [at] GMAIL [dot] com 
Usage: imailexploit [hostname] [port] Payload JMP Default port is 25 
 
==
Payload Options: 1 = Default
==
1 = Share C:\ as 'Export' Share
2 = Add User 'Error' with Password 'Error'
3 = Win32 Bind CMD to Port 
4 = Change Administrator Password to '[EMAIL PROTECTED]'
==
JMP Options: 1 = Default
==
1 = IMAIL 8.x SMTPDLL.DLL[pop ebp, ret] 0x10036f71 
2 = Win2003 SP1 English NTDLL.DLL [pop ebp, ret] 0x7c87d8af
3 = Win2003 SP0 English USER32.DLL [pop ebp, ret] 0x77d02289
4 = WinXP SP2 English NTDLL.DLL [pop ebp, ret] 0x7c967e23
5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 0x71ab389c
6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 0x75021397
7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397
8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 
 
 
Hope this provides some info, atleast to users of Version 8.12.
 
Eddie :)
 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang
Sent: Saturday, October 28, 2006 4:51 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


For those of us who are not programmers, can someone provide a simple what
we need to do to compile this so we can test our systems for this exploit.

 
 I have a HIPS running on our Imail 8.15 server, and I want to see if it
will terminate the buffer overflow process.
 
Thanks,
Eddie.
 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton
Sent: Thursday, October 26, 2006 7:04 AM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



From what I understand both 8.2x and 2006 are vulnerable. Check here:
http://www.securiteam.com/exploits/6G00L0KH5E.html

 

Troy D. Hilton

Serveon, Inc.

302-529-8640

[EMAIL PROTECTED]


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 8.15 ASSP

[Beach Computers]

Just an FYI for anyone else who is currently SOL like us,

Changed the mail server ehlo, and also enabled delaying in ASSP, but we
still got hit by this. 


 
Dave
 
 ---
|Beach Computers|
|Affordable Hosting Solutions   |
|http://www.beachcomp.com   |
 ===
|Cheap Domain Warehouse |
|Get Your Own Dot!  |
|http://www.cheapdomainwarehouse.com|
 -- 


Disclaimer and confidentiality note:

The contents of this communication are intended/meant only for addressee(s)
and may contain information that is privileged or otherwise confidential.
If you are not the intended recipient you are hereby notified that any
disclosure, copying, distribution or taking any action in reliance on the
contents of this information is strictly prohibited and may be unlawful.
The contents of this e-mail shall not be forwarded to any third party. If
you have received this electronic mail transmission in error, please delete
it from your system without copying or forwarding it, and notify the sender
of the error by reply email, so that the sender's address records
can be corrected.
Views and opinions are solely those of the sender unless clearly indicated
as being that of Beach Computers or any of it's affiliated companies.
Beach Computers cannot assure that the integrity of this communication has
been maintained or that it is free of errors, virus, interception or
interference.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Waller
Sent: Sunday, October 29, 2006 9:52 AM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

To get around the SMTP auto start problem consider using a 3rd party app.
such as Service+ or similar.

David 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang
Sent: 29 October 2006 13:12
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

Hi All,
 
Sorry I am running V8.12 and not 8.15 as previously reported.  
 
I have compiled the exploit, and ran it against my server.  With version
8.12, I am not getting any of the injections as described (share, new user,
port  bind) .  However, after running the exploit all smtp will not
respond to any connection request. You will have to manually stop/start SMTP
to regain full function once again.
 
Here is the catch22.  You will need to enable Monitor Services if you wish
to have SMTP auto restart should it hang.  This service in the past has
created a bunch of networking issues for a few users..
 
Also, I am not seeing the same info as
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html .
 
My log looks like
10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] EHLO
10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL 
PROTECTED]
10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO:
@qo:
10:29 02:44 SMTPD() server starting on port 25 of
student.chaminade.edu  AUTO RESTART OF SMTP via Monitor after SMTP fails
to respond..
 
Display of Options from executable.
=
IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow Exploit Coded by Greg
Linares  glinares.code  [at] GMAIL [dot] com 
Usage: imailexploit [hostname] [port] Payload JMP Default port is 25 
 
==
Payload Options: 1 = Default
==
1 = Share C:\ as 'Export' Share
2 = Add User 'Error' with Password 'Error'
3 = Win32 Bind CMD to Port 
4 = Change Administrator Password to '[EMAIL PROTECTED]'
==
JMP Options: 1 = Default
==
1 = IMAIL 8.x SMTPDLL.DLL[pop ebp, ret] 0x10036f71 
2 = Win2003 SP1 English NTDLL.DLL [pop ebp, ret] 0x7c87d8af
3 = Win2003 SP0 English USER32.DLL [pop ebp, ret] 0x77d02289
4 = WinXP SP2 English NTDLL.DLL [pop ebp, ret] 0x7c967e23
5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 0x71ab389c
6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 0x75021397
7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397
8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 
 
 
Hope this provides some info, atleast to users of Version 8.12.
 
Eddie :)
 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang
Sent: Saturday, October 28, 2006 4:51 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


For those of us who are not programmers, can someone provide a simple what
we need to do to compile this so we can test our systems for this exploit.

 
 I have a HIPS running on our Imail 8.15 server, and I want to see

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Beach Computers]

Is there a way to do a global ban from [EMAIL PROTECTED]?
The only way I know is to create a rule for each domain which can be a 
nightmare.



Dave===Beach 
ComputersAffordable Hosting 
Solutionshttp://www.beachcomp.com===Cheap 
Domain WarehouseGet Your Own 
Dot!http://www.cheapdomainwarehouse.comDisclaimer 
and confidentiality note:The contents of this communication are 
intended/meant only for addressee(s) and may contain information that is 
privileged or otherwise confidential.If you are not the intended recipient 
you are hereby notified that any disclosure, copying, distribution or taking any 
action in reliance on thecontents of this information is strictly prohibited 
and may be unlawful.The contents of this e-mail shall not be forwarded to 
any third party. If you have received this electronic mail transmission in 
error, please deleteit from your system without copying or forwarding it, 
and notify the sender of the error by reply email, so that the sender's address 
recordscan be corrected.Views and opinions are solely those of the 
sender unless clearly indicated as being that of Beach Computers or any of it's 
affiliated companies.Beach Computers cannot assure that the integrity of 
this communication has been maintained or that it is free of errors, virus, 
interception or interference.



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mike 
NSent: Sunday, October 29, 2006 9:15 AMTo: 
Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

The fact that it crashes means that it could be 
exploitedif someone gets a copy of 8.12 and determines offsets for your OS 
and Imail. In the meantime, also try banning e-mail from the user [EMAIL PROTECTED] [ this might cause it to drop the 
connection before looking at the exploit. Of course they can also have the 
FROM user to be anything in the future] .


  - Original Message - 
  From: 
  Eddie Pang 
  
  To: Imail_Forum@list.ipswitch.com 
  
  Sent: Sunday, October 29, 2006 8:11 
  AM
  Subject: RE: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  Hi All,
  
  Sorry I am running V8.12 and not 8.15 as previously 
  reported. 
  
  I have compiled the exploit, and ran it against my 
  server. With version 8.12, I am not getting any of theinjections 
  as described (share, new user, port  bind) . However, after running 
  the exploit all smtpwill not respond to any connection request. You will 
  have to manually stop/start SMTP to regain full function once 
  again.
  
  Here is the catch22. You will need to enable 
  Monitor Services if you wish to have SMTP auto restart should it hang. 
  This service in the past has created a bunch of networking issues for a few 
  users..
  
  Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html.
  
  My log looks like
  10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] 
  EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM 
  [EMAIL PROTECTED] 10:29 02:43 
  SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: 
  @qo:10:29 
  02:44 SMTPD() server starting on port 25 of 
  student.chaminade.edu  AUTO RESTART OF SMTP via Monitor after SMTP 
  fails to respond..
  
  Display of Options from 
  executable.
  =
  IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow 
  ExploitCoded by Greg Linares  glinares.code [at] GMAIL [dot] com 
  Usage: imailexploit [hostname] [port] Payload 
  JMPDefault port is 25 
  
  ==Payload Options: 1 
  = Default==1 = Share C:\ as 'Export' 
  Share2 = Add User 'Error' with Password 'Error'3 = Win32 Bind CMD to 
  Port 4 = Change Administrator Password to '[EMAIL PROTECTED]'==JMP 
  Options: 1 = Default==1 = IMAIL 8.x 
  SMTPDLL.DLL [pop ebp, ret] 0x10036f71 2 = Win2003 SP1 
  English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English 
  USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop 
  ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 
  0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 
  0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 
  0x74fa1397 8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 
  0x77d18c14 
  
  
  Hope 
  this provides some info, atleast to users of Version 8.12.
  
  Eddie :)
  
  

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW 8.15 ASSP

[Doug Traylor]

From: Beach Computers [EMAIL PROTECTED]

Changed the mail server ehlo, and also enabled delaying in ASSP, but we
still got hit by this.


I tried to reply directly to Dave's groups address but it bounced so I am 
replying to the list.


Dave,

Thanks for the heads up and sorry to hear it.

Do you have the ASSP log from when the successful attack took place?  I have
been watching my logs and can't seem to find anything out of the ordinary.
Granted we don't have Imail responding to Internet SMTP, but I thought I'd
at least see some unusual activity.  What version of ASSP are you using?  Do
you have connection testing enabled too?

Thanks,

Doug Traylor
ASSP v1.2.5

[EMAIL PROTECTED]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mike N]

Go to the IMail administrator / Services / SMTP / Edit Kill File.   Enter 
[EMAIL PROTECTED] and restart SMTP.  NOTE: This will also block everything matching 
that pattern - including [EMAIL PROTECTED] (I just made that one up - 
don't know if it exists), so there MIGHT be side effects.



- Original Message - 


Is there a way to do a global ban from [EMAIL PROTECTED]
The only way I know is to create a rule for each domain which can be a 
nightmare.



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Beach Computers]

Thank you!

Doug,
Oct-29-06 07:28:10 210.91.106.44  malformed address: 
'@qo:ÄÿïÿÿDjPYÙîÙt$ô[sŒo²ƒëüâôóæ„ÿçuMðìäÞ+¨ä÷3
 [EMAIL PROTECTED]/„û„¸ä³á½¯+£¯ÆM¥¿N„F4ØKšziäí+„Ô„€$9PnY 
ä;c¨sÓ̽´Ö„Ï_9O€äÂ!äò Ò A‚ƒâðZ 
áiä\€gû€PؐbgG‚N4ܐdPŠÔŽag°ZæmMß䶻ú!8MÙßá\ß,áLߐbiäwîißæSšä˨K8MÙæãZs¿Ú«!A[Xs¹áZs¿ÚêÅéûXs¹â[Ø:Mß
 UvJåðZ:MßêÖiä߆iâV¥£;èæ+;í½¯A¥r-ŸñÎC!‚öW¤' Àñ?yMzȐdTÛ=ã^ݳ^Ý:ãð\ 
Ö‰¡áðZMð»b„Û“1Ëèd]s¿Úÿkí\s¹Mߌo²SSS'

This is from ASSP with delaying on, everything in test mode.
Still trying to get the server backup, so sorry for the short reply.
 

rant
All I can say at this point is I FULLY regret going with Ipswitch and putting 
up with all the crap they pull all the time.
It's one thing where an upgrade is optional unless you want features, but a 
vulnerability left open is simply unacceptable.
If the server stays up long enough so I have time to deal with this on Monday, 
I'm planning on calling around to different publications and seeing if they 
will publish anything about this.
/rant



 
Dave
 
 ---
|Beach Computers|
|Affordable Hosting Solutions   |
|http://www.beachcomp.com   |
 ===
|Cheap Domain Warehouse |
|Get Your Own Dot!  |
|http://www.cheapdomainwarehouse.com|
 -- 


Disclaimer and confidentiality note:

The contents of this communication are intended/meant only for addressee(s) and 
may contain information that is privileged or otherwise confidential.
If you are not the intended recipient you are hereby notified that any 
disclosure, copying, distribution or taking any action in reliance on the
contents of this information is strictly prohibited and may be unlawful.
The contents of this e-mail shall not be forwarded to any third party. If you 
have received this electronic mail transmission in error, please delete
it from your system without copying or forwarding it, and notify the sender of 
the error by reply email, so that the sender's address records
can be corrected.
Views and opinions are solely those of the sender unless clearly indicated as 
being that of Beach Computers or any of it's affiliated companies.
Beach Computers cannot assure that the integrity of this communication has been 
maintained or that it is free of errors, virus, interception or interference.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N
Sent: Sunday, October 29, 2006 10:58 AM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Go to the IMail administrator / Services / SMTP / Edit Kill File.   Enter 
[EMAIL PROTECTED] and restart SMTP.  NOTE: This will also block everything 
matching that pattern - including [EMAIL PROTECTED] (I just made that one up - 
don't know if it exists), so there MIGHT be side effects.


- Original Message - 

Is there a way to do a global ban from [EMAIL PROTECTED]
The only way I know is to create a rule for each domain which can be a 
nightmare.


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Eddie Pang]

For those of us who are not programmers, can someone 
provide a simple what we need to do to compile this so we can test our systems 
for this exploit.

I have a 
HIPS running on our Imail 8.15 server, and I want to see if it will terminate 
the buffer overflow process.

Thanks,
Eddie.



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Troy D. 
HiltonSent: Thursday, October 26, 2006 7:04 AMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW


From what I understand 
both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html


Troy D. 
Hilton
Serveon, 
Inc.
302-529-8640
[EMAIL PROTECTED]

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[John T \(Lists\)]

When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember
it was fairly painless.

John T
eServices For You

Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Imail_Forum-
 [EMAIL PROTECTED] On Behalf Of Darin Cox
 Sent: Thursday, October 26, 2006 10:46 PM
 To: Imail_Forum@list.ipswitch.com
 Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
 
 Hi Tripp,
 
 Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 for
 those with a valid SA, or is it a reinstall?
 
 Any gotchas we should be aware of?
 
 Until a couple of other issues are resolved, we're still not comfortable
 with going to 2006.1.
 
 Thanks in advance.
 
 Darin.
 
 
 - Original Message -
 From: Tripp Allen [EMAIL PROTECTED]
 To: Imail_Forum@list.ipswitch.com
 Sent: Thursday, October 26, 2006 5:13 PM
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
 
 
 We are not currently planning a patch for 8.15.  SMTPD was rewritten in
8.2
 and I can not confirm (or deny) that 8.1X is vulnerable right now.
 
 Tripp
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
 Sent: Thursday, October 26, 2006 4:35 PM
 To: Imail_Forum@list.ipswitch.com
 Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
 
 What about 8.15, Tripp?
 
 
 - Original Message -
 From: Tripp Allen [EMAIL PROTECTED]
 To: Imail_Forum@list.ipswitch.com
 Sent: Thursday, October 26, 2006 2:02 PM
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
 
 
 
  2006.1 is not vulnerable to this exploit.
 
  We are working on a update for 8.22 which will include one DLL that
needs
  to
  be copied over the old one during a stop / start of smtpd32. I'll post a
  link here as soon as it's available.
 
  Tripp
 
 
  To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
  List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
  Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 
 
 
 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 
 
 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 
 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Michael Thomas - Mathbox]

Darin,

 When I did the upgrade from 8.15 to 8.22 many moons ago from 
 what I remember
 it was fairly painless.
 
 John T
 eServices For You

Same here. No problem that I recall.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

Since you have an SA you should have a key for 8.22.  You can download 8.22 
from our support pages and there is a link in the KB article I posted as 
well.


Tripp

- Original Message - 
From: Darin Cox [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 1:45 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW



Hi Tripp,

Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 for
those with a valid SA, or is it a reinstall?

Any gotchas we should be aware of?

Until a couple of other issues are resolved, we're still not comfortable
with going to 2006.1.

Thanks in advance.

Darin.


- Original Message - 
From: Tripp Allen [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 5:13 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


We are not currently planning a patch for 8.15.  SMTPD was rewritten in 
8.2

and I can not confirm (or deny) that 8.1X is vulnerable right now.

Tripp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

What about 8.15, Tripp?


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW




2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that needs
to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Gil Gomes]

Not to put too fine a point on it and I don't want to seem as though I'm bashing Ipswitch unnecessarily, but being forced to upgrade due to a problem of this nature is irksome. One of the problems I'll need to deal with might seem rather minuscule to you... 
We totally customize the login screens to suit our company's charter and tastes... Ipswitch changed the login.asp and login.aspx files so radically between versions 2006.03 and 2006.1 that we'll have to spend a few hours getting these screens squared away. 
I have to assume there was a reason for these changes as I doubt you'd waste horsepower. Minor problem, in the scheme of things, but still painfull... Could your programmers possibly assume that customers will be modifying the login files to better meld with their custom graphics, rather than going witha totally "form follows function" attitude?
The other reasons I wasn't planning on ever upgrading to 2006.1 all concern the lack of progress in regards to the many issues we have with your web mail. I believe there were a couple of minor corrections that we thought were improvements... 
1)The gauge showing how much disk space was utilized and is left.
2) Showing who the email was TO and not FROM in the sent folder... 
I guess I know where I'll be this Saturday, eh?
-Gil

-Gil
-Original Message-From: "Tripp Allen" Sent 10/26/2006 4:19:06 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

You'll need to upgrade to 2006.1.

Tripp



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... 
-Gil
-Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Darin Cox]

Many Thanks, Tripp.

Darin.


- Original Message - 
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 6:59 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


Since you have an SA you should have a key for 8.22.  You can download 8.22
from our support pages and there is a link in the KB article I posted as
well.

Tripp

- Original Message - 
From: Darin Cox [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 1:45 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


 Hi Tripp,

 Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 for
 those with a valid SA, or is it a reinstall?

 Any gotchas we should be aware of?

 Until a couple of other issues are resolved, we're still not comfortable
 with going to 2006.1.

 Thanks in advance.

 Darin.


 - Original Message - 
 From: Tripp Allen [EMAIL PROTECTED]
 To: Imail_Forum@list.ipswitch.com
 Sent: Thursday, October 26, 2006 5:13 PM
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


 We are not currently planning a patch for 8.15.  SMTPD was rewritten in
 8.2
 and I can not confirm (or deny) that 8.1X is vulnerable right now.

 Tripp

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
 Sent: Thursday, October 26, 2006 4:35 PM
 To: Imail_Forum@list.ipswitch.com
 Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

 What about 8.15, Tripp?


 - Original Message -
 From: Tripp Allen [EMAIL PROTECTED]
 To: Imail_Forum@list.ipswitch.com
 Sent: Thursday, October 26, 2006 2:02 PM
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that needs
 to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Darin Cox]

Thanks, John and Michael.  I didn't figure there would be much of anything,
but figured I'd ask to be safe.

Darin.


- Original Message - 
From: Michael Thomas - Mathbox [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 2:39 AM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


Darin,

 When I did the upgrade from 8.15 to 8.22 many moons ago from
 what I remember
 it was fairly painless.

 John T
 eServices For You

Same here. No problem that I recall.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Darin Cox]

Hi Kevin,

Thanks.  I'll do that.  I'll go through my archives and compare against your
list when I get back in the office next week.

Darin.


- Original Message - 
From: Kevin Gillis [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 1:51 AM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


Hi Darin,

Can you share what the main issues are that you'd like to see resolved
before upgrading to 2006.1?  Chances are that others may share similar
sentiments and we'd like to prioritize and address them.

Bye for now,

kg

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, October 27, 2006 01:46
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Hi Tripp,

Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 for
those with a valid SA, or is it a reinstall?

Any gotchas we should be aware of?

Until a couple of other issues are resolved, we're still not comfortable
with going to 2006.1.

Thanks in advance.

Darin.


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 5:13 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


We are not currently planning a patch for 8.15.  SMTPD was rewritten in 8.2
and I can not confirm (or deny) that 8.1X is vulnerable right now.

Tripp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

What about 8.15, Tripp?


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that needs
 to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Dave Doherty]

Hi, all-

What symptoms would indicate that you've been compromised?

- Dave Doherty
 Skywaves, Inc.
 97 Webster Street
 Worcester, MA 10603
 (+1) - 508-425-7176
 Please note our new mailing address!


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mark [Support]]

Yes, thanks.  Will this work on 8.15?

Cheers
Mark


We are working on a update for 8.22 which will include one DLL that
needs to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Doug Traylor]

- Original Message - 
From: Mark [Support] [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 9:07 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW



We are working on a update for 8.22 which will include one DLL that
needs to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.



Yes, thanks.  Will this work on 8.15?


No, as has been said here, and it bears repeating, 8.22 involved a major 
rewrite and differs enough that the patch for 8.22 will not work on 8.15 or 
below.  You need to take immediate action to protect your server(s) by 
either removing Imail from direct contact to the internet by way of an SMTP 
gateway or proxy, or you need to upgrade to 8.22 at the very least.  The 
upgrade to 8.22 from 8.15 has been reported to be straightforward from many 
Imail customers including myself.


Hope this helps,

Doug Traylor


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Bob McGregor]

on the upgrade. IIRC we did not move as the central directory (LDAP) was 
changed and no longer worked as it did previously.

We are a K-12 school district and rely on the LDAP to lookup addresses by name, 
department, organization. This changed after 8.05 (I think)

just saying if you rely on the LDAP for address lookup, I'd check with Ipswitch 
before doing it.  

we are behind IMGate and I'm thinking we're ok.

just posting in case others use LDAP as well.

bob

On Friday, October 27, 2006 8:12 AM, Doug Traylor [EMAIL PROTECTED] wrote:
- Original Message - 
From: Mark [Support] [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 9:07 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


 We are working on a update for 8.22 which will include one DLL that
 needs to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.

 Yes, thanks.  Will this work on 8.15?

No, as has been said here, and it bears repeating, 8.22 involved a major 
rewrite and differs enough that the patch for 8.22 will not work on 8.15 or 
below.  You need to take immediate action to protect your server(s) by 
either removing Imail from direct contact to the internet by way of an SMTP 
gateway or proxy, or you need to upgrade to 8.22 at the very least.  The 
upgrade to 8.22 from 8.15 has been reported to be straightforward from many 
Imail customers including myself.

Hope this helps,

Doug Traylor


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tom Pepper]

No, 8.22 only.

Tom
- Original Message - 
From: Mark [Support] [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 9:07 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


| Yes, thanks.  Will this work on 8.15?
|
| Cheers
| Mark
|
|  We are working on a update for 8.22 which will include one DLL that
|  needs to
|  be copied over the old one during a stop / start of smtpd32. I'll post a
|  link here as soon as it's available.
| To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
| List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
| Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
| 

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[copacs]

LS,

Blessing to all of you. I was following the forum and have to upgrade now.

Must I upgrade the different steps and fixes in sequence or 
can I just use the 8.22 on my running imail 8.15

In any case I'll backup first but doing it right the first time saves!!!

Kenneth

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Michael Thomas
- Mathbox
Sent: Friday, October 27, 2006 2:40 AM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


Darin,

 When I did the upgrade from 8.15 to 8.22 many moons ago from 
 what I remember
 it was fairly painless.
 
 John T
 eServices For You

Same here. No problem that I recall.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Bill Green dfn Systems]

Tripp,

   I think there are several of us who are still on 8.1x who are going to 
be upgrading this weekend. I will ask questions that more than just I am 
probably nervous about.


For 8.12, all I needed was a serial No. Is this the same as the Key?
Is the Serial No. / Key the same for 8.12 and 8.22?
Is there any other gotcha we need to be aware of as we will be in the no 
support hours?


Bill Green
dfn Systems


- Original Message - 
From: Tripp Allen [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 4:59 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


Since you have an SA you should have a key for 8.22.  You can download 
8.22 from our support pages and there is a link in the KB article I posted 
as well.


Tripp

- Original Message - 
From: Darin Cox [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 1:45 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW



Hi Tripp,

Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 
for

those with a valid SA, or is it a reinstall?

Any gotchas we should be aware of?

Until a couple of other issues are resolved, we're still not comfortable
with going to 2006.1.

Thanks in advance.

Darin.


- Original Message - 
From: Tripp Allen [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 5:13 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


We are not currently planning a patch for 8.15.  SMTPD was rewritten in 
8.2

and I can not confirm (or deny) that 8.1X is vulnerable right now.

Tripp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

What about 8.15, Tripp?


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW




2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that 
needs

to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
---
[This E-mail scanned for viruses by Declude EVA]






---
[This E-mail scanned for viruses by Declude EVA]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Bill Green dfn Systems]

I just used the link, filled out the form, and got a reply that I would have 
an answer within 2 business days.
If you are trying to get this done tonight or over the weekend, this is not 
a viable option.


Bill Green
dfn Systems


- Original Message - 
From: Martin Schaible [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 5:06 AM
Subject: AW: [IMail Forum] SMTP Exploit Scanning Going on NOW


Hi,

This is not really correct. If you have a subscription, you have a serial
key for Imail 2006. To get a key für Imail 8.22, the customer service must
be asked.

Use this form:

http://www.ipswitch.com/support/email_service.asp





--

Mit freundlichen Grüssen


Merlin Consulting
Martin Schaible
Bahnhofstrasse 27
CH-8702 Zollikon

Phone:   +41 44 391 30 00
Fax: +41 44 391 32 49

Mail:mailto:[EMAIL PROTECTED]
URL: http://www.merlinconsulting.ch
Support: http://support.merlinconsulting.ch

GPS: N47 20.235 E8 34.226

News - Neue Produkte:

.:. mxGuard - InvURIBL - MessageSniffer
.:. NOD32 Antivirus System
.:. BlueDragon
.:. Kiwi Syslog Monitor
.:. Paessler GmbH
.:. SmarterTools
 
-Ursprüngliche Nachricht-

Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Tripp Allen
Gesendet: Freitag, 27. Oktober 2006 13:00
An: Imail_Forum@list.ipswitch.com
Betreff: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Since you have an SA you should have a key for 8.22.  You can download 8.22
from our support pages and there is a link in the KB article I posted as
well.

Tripp

- Original Message - 
From: Darin Cox [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 1:45 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW



Hi Tripp,

Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 for
those with a valid SA, or is it a reinstall?

Any gotchas we should be aware of?

Until a couple of other issues are resolved, we're still not comfortable
with going to 2006.1.

Thanks in advance.

Darin.


- Original Message - 
From: Tripp Allen [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 5:13 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


We are not currently planning a patch for 8.15.  SMTPD was rewritten in
8.2
and I can not confirm (or deny) that 8.1X is vulnerable right now.

Tripp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

What about 8.15, Tripp?


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW




2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that needs
to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
---
[This E-mail scanned for viruses by Declude EVA]




---
[This E-mail scanned for viruses by Declude EVA]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

8.2 requires you to have an activation key which is a different key than
your serial number.  You can send an email to customer service to get an
activation key for 8.2 here:
http://www.ipswitch.com/support/email_service.asp

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Green dfn
Systems
Sent: Friday, October 27, 2006 12:08 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Tripp,

I think there are several of us who are still on 8.1x who are going to
be upgrading this weekend. I will ask questions that more than just I am
probably nervous about.

For 8.12, all I needed was a serial No. Is this the same as the Key?
Is the Serial No. / Key the same for 8.12 and 8.22?
Is there any other gotcha we need to be aware of as we will be in the no
support hours?

Bill Green
dfn Systems


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 4:59 AM
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


 Since you have an SA you should have a key for 8.22.  You can download
 8.22 from our support pages and there is a link in the KB article I posted

 as well.

 Tripp

 - Original Message -
 From: Darin Cox [EMAIL PROTECTED]
 To: Imail_Forum@list.ipswitch.com
 Sent: Friday, October 27, 2006 1:45 AM
 Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


 Hi Tripp,

 Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2
 for
 those with a valid SA, or is it a reinstall?

 Any gotchas we should be aware of?

 Until a couple of other issues are resolved, we're still not comfortable
 with going to 2006.1.

 Thanks in advance.

 Darin.


 - Original Message -
 From: Tripp Allen [EMAIL PROTECTED]
 To: Imail_Forum@list.ipswitch.com
 Sent: Thursday, October 26, 2006 5:13 PM
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


 We are not currently planning a patch for 8.15.  SMTPD was rewritten in
 8.2
 and I can not confirm (or deny) that 8.1X is vulnerable right now.

 Tripp

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
 Sent: Thursday, October 26, 2006 4:35 PM
 To: Imail_Forum@list.ipswitch.com
 Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

 What about 8.15, Tripp?


 - Original Message -
 From: Tripp Allen [EMAIL PROTECTED]
 To: Imail_Forum@list.ipswitch.com
 Sent: Thursday, October 26, 2006 2:02 PM
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that
 needs
 to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 ---
 [This E-mail scanned for viruses by Declude EVA]





---
[This E-mail scanned for viruses by Declude EVA]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Beach Computers]

Tripp,

Is there anyone in Ipswitch that can CONFIRM this:

If any of your customers are running 8.15 they have 2 options.
PAY and upgrade.
Stay vulnerable if not running any gateways.

Your input is appreciated.


 
Dave
 
 ---
|Beach Computers|
|Affordable Hosting Solutions   |
|http://www.beachcomp.com   |
 ===
|Cheap Domain Warehouse |
|Get Your Own Dot!  |
|http://www.cheapdomainwarehouse.com|
 -- 


Disclaimer and confidentiality note:

The contents of this communication are intended/meant only for addressee(s)
and may contain information that is privileged or otherwise confidential.
If you are not the intended recipient you are hereby notified that any
disclosure, copying, distribution or taking any action in reliance on the
contents of this information is strictly prohibited and may be unlawful.
The contents of this e-mail shall not be forwarded to any third party. If
you have received this electronic mail transmission in error, please delete
it from your system without copying or forwarding it, and notify the sender
of the error by reply email, so that the sender's address records
can be corrected.
Views and opinions are solely those of the sender unless clearly indicated
as being that of Beach Computers or any of it's affiliated companies.
Beach Computers cannot assure that the integrity of this communication has
been maintained or that it is free of errors, virus, interception or
interference.



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Michael Thomas - Mathbox]

Bill,

It is viable. Imail will run for 30 days without the key. That should give
anyone time enough to get their key.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 

 I just used the link, filled out the form, and got a reply 
 that I would have 
 an answer within 2 business days.
 If you are trying to get this done tonight or over the 
 weekend, this is not 
 a viable option.
 
 Bill Green
 dfn Systems
 


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

We are not currently planning a patch for 8.1X so you will need to upgrade.

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Beach Computers
Sent: Friday, October 27, 2006 12:25 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

Tripp,

Is there anyone in Ipswitch that can CONFIRM this:

If any of your customers are running 8.15 they have 2 options.
PAY and upgrade.
Stay vulnerable if not running any gateways.

Your input is appreciated.



Dave

 ---
|Beach Computers|
|Affordable Hosting Solutions   |
|http://www.beachcomp.com   |
 ===
|Cheap Domain Warehouse |
|Get Your Own Dot!  |
|http://www.cheapdomainwarehouse.com|
 --


Disclaimer and confidentiality note:

The contents of this communication are intended/meant only for addressee(s)
and may contain information that is privileged or otherwise confidential.
If you are not the intended recipient you are hereby notified that any
disclosure, copying, distribution or taking any action in reliance on the
contents of this information is strictly prohibited and may be unlawful.
The contents of this e-mail shall not be forwarded to any third party. If
you have received this electronic mail transmission in error, please delete
it from your system without copying or forwarding it, and notify the sender
of the error by reply email, so that the sender's address records can be
corrected.
Views and opinions are solely those of the sender unless clearly indicated
as being that of Beach Computers or any of it's affiliated companies.
Beach Computers cannot assure that the integrity of this communication has
been maintained or that it is free of errors, virus, interception or
interference.



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Robbie Pardue]

 Does IPSwitch have stated life-of-product somewhere? I ask because Imail 8.2 came out in April 28 of 2005 and was the first to require "Activation" (?) Was the condition of this activation an active support contract at the time? And if so is one ordinarily included with the software at time of purchase? If, for example, one would ordinarily get a 1-year contract with purchase, then that would mean that someone purchasing imail before April 28 of 2004 would be excluded from this upgrade without purchasing a support contract. That makes the life-of-product for an IPSwitch purchase only 2.5
 years. I understand that "you don't pay for a support contract, you don't get to call when it breaks" is a reasonable standard. And I understand that "you don't get a support contract you don't get new features" is another okay standard.  But this is not a feature or a user problem, this is a security vulnerability. By refusing to release a patch for the basic functionality of Imail 8.15, Ipswitch is going from flag-ship software to abandonware in 2.5 years...which seems a little rough.  I understand that IPSwitch makes these products in order to make money and that a small-office admin with a system that is good enough for her needs, that her users know and like, and that doesn't change enough for her to need spendy service-contracts stops making money for IPswitch if she cannot be compelled to upgrade for by a marketing blitz, but Imail 8.15 itself was only
 released in February of 2005...that's 18 months ago. 18 months from THE-version to no-more-patches seems excessive. How about a patch for 8.15 and a time-of-life mailling. "We will no longer be supporting Imail 8.15 after January 31st, here are your options"...instead of "Nah, we've just decided arbitrarily that it's too much trouble". No warning, no nothing. Monday there's an exploit, Friday it's expired, that's just the way it is.   ...I talked to techsupport this morning and was told personally that nearly all of the cases of exploitation that they have seen have been of version 8.15. If SMTP was really so totally different between 8.15 and 8.22 then how can it have the exact same vulnerability? but still be too different to fix? If most of the people experiencing trouble are using 8.15 then how can it not be worth it to release a patch for
 them? Even for basic Internet Netiquette and reputation of the software this is not right. All apologies if I missed the "8.15 will expire on" in my monthly spamming and/or if this was in the fine-print when I clicked "Agree" (I guess).- Original Message From: Tripp Allen [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 10:15:19 AMSubject: RE: [IMail Forum]  SMTP Exploit Scanning Going on NOWWe are not currently planning a patch for 8.1X so you will need to upgrade.Tripp-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Beach ComputersSent: Friday, October 27, 2006 12:25 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit
 Scanning Going on NOWTripp,Is there anyone in Ipswitch that can CONFIRM this:If any of your customers are running 8.15 they have 2 options.PAY and upgrade.Stay vulnerable if not running any gateways.Your input is appreciated.Dave ---|Beach Computers||Affordable Hosting Solutions ||http://www.beachcomp.com | ===|Cheap Domain Warehouse ||Get Your Own Dot!||http://www.cheapdomainwarehouse.com| --Disclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s)and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that anydisclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. Ifyou have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the senderof the error by reply email, so that the sender's address records can becorrected.Views and opinions are solely those of the sender unless clearly
 indicatedas being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication hasbeen maintained or that it is free of errors, virus, interception orinterference.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[mnapuran]

On 27 Oct 2006 at 13:53, Robbie Pardue wrote:

I agree completely Robbie!  Good post!

Mike N
FXOL

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[marc]

same here, hope Kevin Gillis will answer this questions
otherwise it seems to answer my question about the manner to force an upgrade.

marc


At 20:53 27.10.2006, you wrote:

 Does IPSwitch have stated life-of-product somewhere?
 I ask because Imail 8.2 came out in April 28 of 2005 and was the first to 
 require Activation (?)
 Was the condition of this activation an active support contract at the 
 time?  And if so is one ordinarily included with the software at time of 
 purchase?
  If, for example, one would ordinarily get a 1-year contract with 
 purchase, then that would mean that someone purchasing imail before April 28 
 of 2004 would be excluded from this upgrade without purchasing a support 
 contract.  That makes the life-of-product for an IPSwitch purchase only 2.5 
 years.
  I understand that you don't pay for a support contract, you don't get 
 to call when it breaks is a reasonable standard.  And I understand that you 
 don't get a support contract you don't get new features is another okay 
 standard.  
 But this is not a feature or a user problem, this is a security 
 vulnerability.  By refusing to release a patch for the basic functionality of 
 Imail 8.15, Ipswitch is going from flag-ship software to abandonware in 2.5 
 years...which seems a little rough.  
 I understand that IPSwitch makes these products in order to make money 
 and that a small-office admin with a system that is good enough for her 
 needs, that her users know and like, and that doesn't change enough for her 
 to need spendy service-contracts stops making money for IPswitch if she 
 cannot be compelled to upgrade for by a marketing blitz, but Imail 8.15 
 itself was only released in February of 2005...that's 18 months ago.  18 
 months from THE-version to no-more-patches seems excessive.
 How about a patch for 8.15 and a time-of-life mailling.  We will no 
 longer be supporting Imail 8.15 after January 31st, here are your 
 options...instead of Nah, we've just decided arbitrarily that it's too much 
 trouble.  No warning, no nothing.  Monday there's an exploit, Friday it's 
 expired, that's just the way it is. 
  ...I talked to techsupport this morning and was told personally that 
 nearly all of the cases of exploitation that they have seen have been of 
 version 8.15.
 If SMTP was really so totally different between 8.15 and 8.22 then how 
 can it have the exact same vulnerability?  but still be too different to fix? 
  If most of the people experiencing trouble are using 8.15 then how can it 
 not be worth it to release a patch for them?  Even for basic Internet 
 Netiquette and reputation of the software this is not right.
 All apologies if I missed the 8.15 will expire on in my monthly 
 spamming and/or if this was in the fine-print when I clicked Agree (I 
 guess).



- Original Message 
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Friday, October 27, 2006 10:15:19 AM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

We are not currently planning a patch for 8.1X so you will need to upgrade.

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Beach Computers
Sent: Friday, October 27, 2006 12:25 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

Tripp,

Is there anyone in Ipswitch that can CONFIRM this:

If any of your customers are running 8.15 they have 2 options.
PAY and upgrade.
Stay vulnerable if not running any gateways.

Your input is appreciated.



Dave

---
|Beach Computers|
|Affordable Hosting Solutions   |
|http://www.beachcomp.comhttp://www.beachcomp.com   |
===
|Cheap Domain Warehouse |
|Get Your Own Dot!  |
|http://www.cheapdomainwarehouse.comhttp://www.cheapdomainwarehouse.com|
--


Disclaimer and confidentiality note:

The contents of this communication are intended/meant only for addressee(s)
and may contain information that is privileged or otherwise confidential.
If you are not the intended recipient you are hereby notified that any
disclosure, copying, distribution or taking any action in reliance on the
contents of this information is strictly prohibited and may be unlawful.
The contents of this e-mail shall not be forwarded to any third party. If
you have received this electronic mail transmission in error, please delete
it from your system without copying or forwarding it, and notify the sender
of the error by reply email, so that the sender's address records can be
corrected.
Views and opinions are solely those of the sender unless clearly indicated
as being that of Beach Computers or any of it's affiliated companies.
Beach Computers cannot assure that the integrity of this communication has
been

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mike N]

Well, that answers that question - 
aclientrunning 8.22 just had an SMTP crash. Therefor 
8.22 must be vulnerable. Successful payload delivery - who knows? [ They 
have an SA and are still in the final stages of moving to 2006 ].

- Original Message - 

  From: 
  Korey 
  Verlsteffen 
  To: Imail_Forum@list.ipswitch.com 
  
  Sent: Thursday, October 26, 2006 11:34 
  AM
  Subject: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  Heads up everyone.My IDS systemsare 
  reportingheavy scanning for the IMail SMTP exploit. 
  

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Matrosity Hosting]

which version of 2006 is not open to 
this?

Bill Foresman 
Matrosity Hosting 
www.matrosity.com 
850.656.2644 



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mike 
NSent: Thursday, October 26, 2006 12:42 PMTo: 
Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

Well, that answers that question - 
aclientrunning 8.22 just had an SMTP crash. Therefor 
8.22 must be vulnerable. Successful payload delivery - who knows? [ They 
have an SA and are still in the final stages of moving to 2006 ].

- Original Message - 

  From: 
  Korey 
  Verlsteffen 
  To: Imail_Forum@list.ipswitch.com 
  
  Sent: Thursday, October 26, 2006 11:34 
  AM
  Subject: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  Heads up everyone.My IDS systemsare 
  reportingheavy scanning for the IMail SMTP exploit. 
  

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Imail]

That might not be what you think.  SMTP has had a problem crashing since 
v8.x came out.  I'd do a little more research before determining it was 
compromised.


Mike N wrote:
Well, that answers that question - a client running 8.22 just had an 
SMTP crash.   Therefor 8.22 must be vulnerable.  Successful payload 
delivery - who knows? [ They have an SA and are still in the final 
stages of moving to 2006 ].
 
- Original Message -


*From:* Korey Verlsteffen mailto:[EMAIL PROTECTED]
*To:* Imail_Forum@list.ipswitch.com
mailto:Imail_Forum@list.ipswitch.com
*Sent:* Thursday, October 26, 2006 11:34 AM
*Subject:* [IMail Forum] SMTP Exploit Scanning Going on NOW

Heads up everyone. My IDS systems are reporting heavy scanning for
the IMail SMTP exploit. 
 



---
[This E-mail scanned for viruses courtesy of Netslyder, 
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Troy D. Hilton]

From what I understand both 8.2x and 2006
are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html





Troy D. Hilton

Serveon, Inc.

302-529-8640

[EMAIL PROTECTED]











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006
12:49 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW





which version of 2006 is not open to this?







Bill
Foresman 
Matrosity
Hosting 
www.matrosity.com

850.656.2644
















From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Mike N
Sent: Thursday, October 26, 2006
12:42 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP
Exploit Scanning Going on NOW



Well, that answers that question -
aclientrunning 8.22 just had an SMTP crash. Therefor
8.22 must be vulnerable. Successful payload delivery - who knows? [ They
have an SA and are still in the final stages of moving to 2006 ].











- Original Message - 







From: Korey Verlsteffen






To: Imail_Forum@list.ipswitch.com 





Sent: Thursday, October
26, 2006 11:34 AM





Subject: [IMail Forum] SMTP
Exploit Scanning Going on NOW











Heads up everyone.My IDS systemsare
reportingheavy scanning for the IMail SMTP exploit. 

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Servei Tecnic [ MICROTECH ]]

So, 8.05 is vulnerable too, isn't it??

Regards,
Pere Ginabreda







-Mensaje original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] nombre de Troy D. Hilton
Enviado el: jueves, 26 de octubre de 2006 19:04
Para: Imail_Forum@list.ipswitch.com
Asunto: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


From what I understand both 8.2x and 2006 are vulnerable. Check here:
http://www.securiteam.com/exploits/6G00L0KH5E.html

Troy D. Hilton
Serveon, Inc.
302-529-8640
[EMAIL PROTECTED]



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006 12:49 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

which version of 2006 is not open to this?

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike N
Sent: Thursday, October 26, 2006 12:42 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Well, that answers that question - a client running 8.22 just had an SMTP
crash.   Therefor 8.22 must be vulnerable.  Successful payload delivery -
who knows? [ They have an SA and are still in the final stages of moving to
2006 ].

- Original Message -
From: Korey Verlsteffen
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 11:34 AM
Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW

Heads up everyone. My IDS systems are reporting heavy scanning for the IMail
SMTP exploit.


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Bill Puetz]

From what I understand both 8.2x and 2006 are vulnerable. Check here:
http://www.securiteam.com/exploits/6G00L0KH5E.html


It says 8.x, so I assume that 8.15  and earlier are also vulnerable.

Has Ipswitch made any recent statements about patches to pre-2006 versions? 
Since I can't use 2006 because of its Mac non-support, I guess I need to do 
an emergency cut-over to another product.


Bill


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mike N]

which version of 2006 is not open to this?


  2006.1 was the first with the fixes.  .04 and lower is vulnerable.

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Matrosity Hosting]

So Ipswitch has let ALL of their customers sit vulnerable 
regardless of having an SA?

Someone from Ipswitch really needs to inform us all of the 
situation and EXACTLY when it will be corrected.
Bill Foresman 
Matrosity Hosting 
www.matrosity.com 
850.656.2644 



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Troy D. 
HiltonSent: Thursday, October 26, 2006 1:04 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW


From what I understand 
both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html


Troy D. 
Hilton
Serveon, 
Inc.
302-529-8640
[EMAIL PROTECTED]




From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Matrosity 
HostingSent: Thursday, October 
26, 2006 12:49 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

which version of 2006 
is not open to this?


Bill 
Foresman Matrosity Hosting 
www.matrosity.com 
850.656.2644 







From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Mike NSent: Thursday, October 26, 2006 12:42 
PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

Well, that answers that question - 
aclientrunning 8.22 just had an SMTP crash. Therefor 
8.22 must be vulnerable. Successful payload delivery - who knows? [ They 
have an SA and are still in the final stages of moving to 2006 
].



- Original Message - 


  
  From: Korey 
  Verlsteffen 
  
  To: Imail_Forum@list.ipswitch.com 
  
  
  Sent: Thursday, 
  October 26, 2006 11:34 AM
  
  Subject: [IMail 
  Forum] SMTP Exploit Scanning Going on NOW
  
  
  
  Heads up everyone.My IDS 
  systemsare reportingheavy scanning for the IMail SMTP 
  exploit. 
  
  

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Troy D. Hilton]

According to the article, yes.

Troy D. Hilton
Serveon, Inc.
302-529-8640
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Servei Tecnic [
MICROTECH ]
Sent: Thursday, October 26, 2006 1:10 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

So, 8.05 is vulnerable too, isn't it??

Regards,
Pere Ginabreda







-Mensaje original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] nombre de Troy D. Hilton
Enviado el: jueves, 26 de octubre de 2006 19:04
Para: Imail_Forum@list.ipswitch.com
Asunto: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


From what I understand both 8.2x and 2006 are vulnerable. Check here:
http://www.securiteam.com/exploits/6G00L0KH5E.html

Troy D. Hilton
Serveon, Inc.
302-529-8640
[EMAIL PROTECTED]



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006 12:49 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

which version of 2006 is not open to this?

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike N
Sent: Thursday, October 26, 2006 12:42 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Well, that answers that question - a client running 8.22 just had an SMTP
crash.   Therefor 8.22 must be vulnerable.  Successful payload delivery -
who knows? [ They have an SA and are still in the final stages of moving to
2006 ].

- Original Message -
From: Korey Verlsteffen
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 11:34 AM
Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW

Heads up everyone. My IDS systems are reporting heavy scanning for the IMail
SMTP exploit.


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Brian L. Wolfsohn]

At 01:24 PM 10/26/2006, you wrote:

I may be time to go public to the tech publications to increase the 
pressure on ipswitch to come up w/ a solution..



So, 8.05 is vulnerable too, isn't it??



Brian L. Wolfsohnhttp://www.cus.com
CUS Business Systems Ft.Lauderdale,FL
Software for Auctioneers (954) 680-6545 Email:[EMAIL PROTECTED]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Troy D. Hilton]

This was the reason I sat put with 7.15. Ive
learned to always wait until Sandy
and some other here test the waters on the newer versions and detect all the
bugs/flaws and see them resolved before I make a move to upgrade. This is a
shame though that it hasnt been resolved in 8.x IMO, forcing an upgrade
to a new version to resolve a bug is not acceptable in this case. If we were
talking about a stand-alone desktop app then perhaps, but a mail server is not
something you can simply jump in and out of versions on nor would we want to.



Perhaps this thread is stirring the fires
at Ipswitch to do something.





Troy D. Hilton

Serveon, Inc.

302-529-8640

[EMAIL PROTECTED]











From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006
1:23 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW





So Ipswitch has let ALL of their customers
sit vulnerable regardless of having an SA?



Someone from Ipswitch really needs to
inform us all of the situation and EXACTLY when it will be corrected.

Bill
Foresman 
Matrosity
Hosting 
www.matrosity.com

850.656.2644
















From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Troy D. Hilton
Sent: Thursday, October 26, 2006
1:04 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW

From what I understand both 8.2x and 2006
are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html





Troy D. Hilton

Serveon, Inc.

302-529-8640

[EMAIL PROTECTED]











From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006
12:49 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW





which version of 2006 is not open to this?







Bill
Foresman 
Matrosity
Hosting 
www.matrosity.com

850.656.2644
















From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Mike N
Sent: Thursday, October 26, 2006
12:42 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP
Exploit Scanning Going on NOW



Well, that answers that question -
aclientrunning 8.22 just had an SMTP crash. Therefor
8.22 must be vulnerable. Successful payload delivery - who knows? [ They
have an SA and are still in the final stages of moving to 2006 ].











- Original Message - 







From: Korey Verlsteffen






To: Imail_Forum@list.ipswitch.com 





Sent: Thursday, October
26, 2006 11:34 AM





Subject: [IMail Forum] SMTP
Exploit Scanning Going on NOW











Heads up everyone.My IDS systemsare
reportingheavy scanning for the IMail SMTP exploit. 

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Robbie Pardue]

   I'm going to say that it is what you think it is. You can search your system logs for "error 10038" and that might tell you for sure.   We have seen thethe "non responding / still says running SMTP" beginning Monday. In all cases we see lines like:RCPT TO:  @qo#9829;#9658;:ÉÉÉ  ÉÉÉ (a variety of special characters in the string)   Followed by:SMTPD() send error 10038 and somewhere thereafter SMTP stops working. We are currently using 8.15, and were advised by techsupport (response this morning,
 though before this thread, to try 8.22 or 2006...neither of which, by themselves would work, though I am getting the impression that a recent patch of 2006 might fix this?)That might not be what you think. SMTP has had a problem crashing since v8.x came out. I'd do a little more research before determining it was compromised.  Mike N wrote:   Well, that answers that question - a client running 8.22 just had anSMTP crash. Therefor 8.22 must be vulnerable. Successful payloaddelivery - who knows? [ They have an SA and are still in the finalstages of moving to 2006 ].  - Original Message - *From:* Korey Verlsteffen mailto:[EMAIL PROTECTED]  
 *To:* Imail_Forum@list.ipswitch.com   mailto:Imail_Forum@list.ipswitch.com   *Sent:* Thursday, October 26, 2006 11:34 AM   *Subject:* [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for   the IMail SMTP exploit.---  [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)]  To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html  List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/  Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ 
		Do you Yahoo!? 
Get on board. You're invited to try the new Yahoo! Mail.

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Larry Stroud]

I read the link below.  I am running IMAIL Server 2006.1 which is not
listed under affected products.  May I assume that 2006.1 is not
vulnerable?

Larry Stroud
Director, Computer Services
CIS Project Manager - Phase IIB
BlackBoard Administrator
Groupwise Administrator
Instructor, Computer Studies
Edgecombe Community College
2009 West Wilson Street
Tarboro, NC 27886

Voice: 252-823-5166 x267
Fax:252-823-6817
Email: [EMAIL PROTECTED]
Tarboro Campus, Bldg A, Office 171

Make it happen, better, and faster.

E-mail correspondence to and from this address may be subject to the
North Carolina Public Records Law and may be disclosed to third parties
by an authorized state official. (NCGS.Ch.132)


E-mail correspondence to and from this sender may be subject to the
North Carolina Public Records law and may be disclosed to third parties.


 Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am

Heads up everyone. My IDS systems are reporting heavy scanning for the
IMail SMTP exploit.  

http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html 



Sincerely,

Korey Verlsteffen
Network Administrator
WebStream Internet Solutions

[EMAIL PROTECTED] 
http://www.webstream.net

E-mail correspondence to and from this sender may be subject to the
North Carolina Public Records law and may be disclosed to third parties.


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Matrosity Hosting]

Just upgraded, again, and am on hold 23+ minutes with tech support. Nice.

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Stroud
Sent: Thursday, October 26, 2006 1:42 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

I read the link below.  I am running IMAIL Server 2006.1 which is not listed
under affected products.  May I assume that 2006.1 is not vulnerable?

Larry Stroud
Director, Computer Services
CIS Project Manager - Phase IIB
BlackBoard Administrator
Groupwise Administrator
Instructor, Computer Studies
Edgecombe Community College
2009 West Wilson Street
Tarboro, NC 27886

Voice: 252-823-5166 x267
Fax:252-823-6817
Email: [EMAIL PROTECTED]
Tarboro Campus, Bldg A, Office 171

Make it happen, better, and faster.

E-mail correspondence to and from this address may be subject to the North
Carolina Public Records Law and may be disclosed to third parties by an
authorized state official. (NCGS.Ch.132)


E-mail correspondence to and from this sender may be subject to the North
Carolina Public Records law and may be disclosed to third parties.


 Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am

Heads up everyone. My IDS systems are reporting heavy scanning for the IMail
SMTP exploit.  

http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html 



Sincerely,

Korey Verlsteffen
Network Administrator
WebStream Internet Solutions

[EMAIL PROTECTED]
http://www.webstream.net

E-mail correspondence to and from this sender may be subject to the North
Carolina Public Records law and may be disclosed to third parties.


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[John T \(Lists\)]

 Has Ipswitch made any recent statements about patches to pre-2006
versions?
 Since I can't use 2006 because of its Mac non-support, I guess I need to
do
 an emergency cut-over to another product.

Excuse you, but please provide proof that some one using ANY version of a
MAC OS can not access any version of Imail 2006 webmail from ANY browser and
I will prove you wrong.

People have a tendency to insert foot into open mouth (including me) when
making such wide open generalized accuzations.

The reported problem in 2006.1 is with Safari even though I have one user on
OSX 10.4 using Safari to access my webmail on 2006.1.

John T
eServices For You

Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mark Pipkin]

So those that have been effected by this
are they behind a SMTP firewall and still get hit or are these servers SMTP
live to the internet?











From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Korey Verlsteffen
Sent: Thursday, October 26, 2006
11:35 AM
To: Imail_Forum@list.ipswitch.com
Subject: [IMail Forum] SMTP
Exploit Scanning Going on NOW







Heads up everyone.My IDS systemsare
reportingheavy scanning for the IMail SMTP exploit. 











http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html

















Sincerely,











Korey Verlsteffen
Network Administrator
WebStream Internet Solutions











[EMAIL PROTECTED]
http://www.webstream.net

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Troy D. Hilton]

According to the doc. It's pre 2006.1 so you're OK. If you had 2006.04 you'd
be vulnerable.

Troy D. Hilton
Serveon, Inc.
302-529-8640
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Stroud
Sent: Thursday, October 26, 2006 1:42 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

I read the link below.  I am running IMAIL Server 2006.1 which is not
listed under affected products.  May I assume that 2006.1 is not
vulnerable?

Larry Stroud
Director, Computer Services
CIS Project Manager - Phase IIB
BlackBoard Administrator
Groupwise Administrator
Instructor, Computer Studies
Edgecombe Community College
2009 West Wilson Street
Tarboro, NC 27886

Voice: 252-823-5166 x267
Fax:252-823-6817
Email: [EMAIL PROTECTED]
Tarboro Campus, Bldg A, Office 171

Make it happen, better, and faster.

E-mail correspondence to and from this address may be subject to the
North Carolina Public Records Law and may be disclosed to third parties
by an authorized state official. (NCGS.Ch.132)


E-mail correspondence to and from this sender may be subject to the
North Carolina Public Records law and may be disclosed to third parties.


 Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am

Heads up everyone. My IDS systems are reporting heavy scanning for the
IMail SMTP exploit.  

http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html 



Sincerely,

Korey Verlsteffen
Network Administrator
WebStream Internet Solutions

[EMAIL PROTECTED] 
http://www.webstream.net

E-mail correspondence to and from this sender may be subject to the
North Carolina Public Records law and may be disclosed to third parties.


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Adam Campbell]

http://secunia.com/advisories/21795 says the solution is to update to
version 2006.1.

http://www.ipswitch.com/support/imail/releases/im20061.asp says 2006.1 fixes
a vulnerability.

adamc

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Stroud
Sent: Thursday, October 26, 2006 13:42
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

I read the link below.  I am running IMAIL Server 2006.1 which is not listed
under affected products.  May I assume that 2006.1 is not vulnerable?

Larry Stroud
Director, Computer Services
CIS Project Manager - Phase IIB
BlackBoard Administrator
Groupwise Administrator
Instructor, Computer Studies
Edgecombe Community College
2009 West Wilson Street
Tarboro, NC 27886

Voice: 252-823-5166 x267
Fax:252-823-6817
Email: [EMAIL PROTECTED]
Tarboro Campus, Bldg A, Office 171

Make it happen, better, and faster.

E-mail correspondence to and from this address may be subject to the North
Carolina Public Records Law and may be disclosed to third parties by an
authorized state official. (NCGS.Ch.132)


E-mail correspondence to and from this sender may be subject to the North
Carolina Public Records law and may be disclosed to third parties.


 Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am

Heads up everyone. My IDS systems are reporting heavy scanning for the IMail
SMTP exploit.  

http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html 



Sincerely,

Korey Verlsteffen
Network Administrator
WebStream Internet Solutions

[EMAIL PROTECTED]
http://www.webstream.net

E-mail correspondence to and from this sender may be subject to the North
Carolina Public Records law and may be disclosed to third parties.


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Matrosity Hosting]

I tell our Mac customers to use Firefox which works fine. 


Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Thursday, October 26, 2006 2:22 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

 Has Ipswitch made any recent statements about patches to pre-2006
versions?
 Since I can't use 2006 because of its Mac non-support, I guess I need 
 to
do
 an emergency cut-over to another product.

Excuse you, but please provide proof that some one using ANY version of a
MAC OS can not access any version of Imail 2006 webmail from ANY browser and
I will prove you wrong.

People have a tendency to insert foot into open mouth (including me) when
making such wide open generalized accuzations.

The reported problem in 2006.1 is with Safari even though I have one user on
OSX 10.4 using Safari to access my webmail on 2006.1.

John T
eServices For You

Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Matrosity Hosting]

45 minutes on hold so far. I can't believe I'm paying for this kind of
support. The hold times, at least for me, have been this bad since 2006 came
out.

Very disappointing but this is a shining example of why smaller companies
take business away from larger ones.

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006 2:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

I tell our Mac customers to use Firefox which works fine. 


Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Thursday, October 26, 2006 2:22 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

 Has Ipswitch made any recent statements about patches to pre-2006
versions?
 Since I can't use 2006 because of its Mac non-support, I guess I need 
 to
do
 an emergency cut-over to another product.

Excuse you, but please provide proof that some one using ANY version of a
MAC OS can not access any version of Imail 2006 webmail from ANY browser and
I will prove you wrong.

People have a tendency to insert foot into open mouth (including me) when
making such wide open generalized accuzations.

The reported problem in 2006.1 is with Safari even though I have one user on
OSX 10.4 using Safari to access my webmail on 2006.1.

John T
eServices For You

Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Robbie Pardue]

 I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that.Mark Pipkin [EMAIL PROTECTED] wrote: So those that have been effected by this are they behind a
 SMTP firewall and still get hit or are these servers SMTP live to the internet?From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey Verlsteffen Sent: Thursday, October 26, 2006 11:35
 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] SMTP Exploit Scanning Going on NOWHeads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html  Sincerely,Korey Verlsteffen Network Administrator WebStream Internet
 Solutions[EMAIL PROTECTED] http://www.webstream.net   
		 All-new Yahoo! Mail - Fire up a more powerful email and get things done faster. 
		Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[John T \(Lists\)]

Which is my point to Bill Puetz!

John T
eServices For You

Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Imail_Forum-
 [EMAIL PROTECTED] On Behalf Of Matrosity Hosting
 Sent: Thursday, October 26, 2006 11:35 AM
 To: Imail_Forum@list.ipswitch.com
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
 
 I tell our Mac customers to use Firefox which works fine.
 
 
 Bill Foresman
 Matrosity Hosting
 www.matrosity.com
 850.656.2644
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
 Sent: Thursday, October 26, 2006 2:22 PM
 To: Imail_Forum@list.ipswitch.com
 Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
 
  Has Ipswitch made any recent statements about patches to pre-2006
 versions?
  Since I can't use 2006 because of its Mac non-support, I guess I need
  to
 do
  an emergency cut-over to another product.
 
 Excuse you, but please provide proof that some one using ANY version of a
 MAC OS can not access any version of Imail 2006 webmail from ANY browser
and
 I will prove you wrong.
 
 People have a tendency to insert foot into open mouth (including me) when
 making such wide open generalized accuzations.
 
 The reported problem in 2006.1 is with Safari even though I have one user
on
 OSX 10.4 using Safari to access my webmail on 2006.1.
 
 John T
 eServices For You
 
 Life is a succession of lessons which must be lived to be understood.
 Ralph Waldo Emerson (1802-1882)
 
 
 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 
 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[John T \(Lists\)]

Ah, but some firewalls can be configured
to be a proxy or apply rules/configurations to the SMTP commands or both.



SMTP Message Screener via ISA Server is
one that comes to mind.





John T

eServices For You



Life is a succession
of lessons which must be lived to be understood.

Ralph Waldo Emerson
(1802-1882)









-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Robbie Pardue
Sent: Thursday,
 October 26, 2006 11:41 AM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW




 I'm not sure how a firewall could help in this
instance (if someone can enlighten me you would have my gratitude). As
SMTP needs to be opened to the world in order for imail to receive mail, a
firewall has simply to allow it (I think) or there is no mail, and that's that.



Mark Pipkin
[EMAIL PROTECTED] wrote:



So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet?



















From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Korey Verlsteffen
Sent: Thursday,
 October 26, 2006 11:35 AM
To: Imail_Forum@list.ipswitch.com
Subject: [IMail Forum] SMTP
Exploit Scanning Going on NOW















Heads up everyone.My IDS systemsare
reportingheavy scanning for the IMail SMTP exploit. 



















http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html





























Sincerely,



















Korey Verlsteffen
Network Administrator
WebStream Internet Solutions



















[EMAIL PROTECTED]
http://www.webstream.net













All-new
Yahoo! Mail - Fire up a more powerful email and get things done faster.

  







Yahoo! Messenger with Voice. Make
PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or
less.

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Adam Campbell]

Just external hosts I figure. An internal 
host wouldn't get the corrupted 'rcpt to' command as the external 
hostshouldn't accept it.

adamc


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mark 
PipkinSent: Thursday, October 26, 2006 14:24To: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW


So those that have been 
effected by this are they behind a SMTP firewall and still get hit or are these 
servers SMTP live to the internet?





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Korey 
VerlsteffenSent: Thursday, 
October 26, 2006 11:35 AMTo: 
Imail_Forum@list.ipswitch.comSubject: [IMail Forum] SMTP Exploit 
Scanning Going on NOW


Heads up everyone.My IDS 
systemsare reportingheavy scanning for the IMail SMTP exploit. 




http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html





Sincerely,



Korey VerlsteffenNetwork 
AdministratorWebStream Internet Solutions



[EMAIL PROTECTED]http://www.webstream.net

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Matrosity Hosting]

Got through - 61 minutes. 

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006 2:41 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

45 minutes on hold so far. I can't believe I'm paying for this kind of
support. The hold times, at least for me, have been this bad since 2006 came
out.

Very disappointing but this is a shining example of why smaller companies
take business away from larger ones.

Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
Sent: Thursday, October 26, 2006 2:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

I tell our Mac customers to use Firefox which works fine. 


Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Thursday, October 26, 2006 2:22 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

 Has Ipswitch made any recent statements about patches to pre-2006
versions?
 Since I can't use 2006 because of its Mac non-support, I guess I need 
 to
do
 an emergency cut-over to another product.

Excuse you, but please provide proof that some one using ANY version of a
MAC OS can not access any version of Imail 2006 webmail from ANY browser and
I will prove you wrong.

People have a tendency to insert foot into open mouth (including me) when
making such wide open generalized accuzations.

The reported problem in 2006.1 is with Safari even though I have one user on
OSX 10.4 using Safari to access my webmail on 2006.1.

John T
eServices For You

Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Doug Traylor]

I'm not sure how a firewall could help in this instance (if someone 
can enlighten me
 you would have my gratitude).  As SMTP needs to be opened to the world in 
order for
 imail to receive mail, a firewall has simply to allow it (I think) or 
there is no mail, and that's that.

 or less.



Maybe he meant a gateway?  For Imail to be safe from this its smtp service 
cannot be open to the internet unless you are running 2006.1, there must be 
something else answering the smtp connections from the world (internet). 
That something should also be doing recipient validation and block relaying 
at the very least.  That way this exploit would never reach Imail to 
compromise it.  Then you only have to worry about your gateway being 
compromised, lol.


Doug Traylor


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that needs to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Jeff Hitchcock]

I'm hoping that having my IMGate servers as the published MX servers
instead of my iMail server reduces the exposure to this attack.

I do have the iMail server open for incoming SMTP, but it is known only
to customers. Port scanning would find it, obviously.
 
Perhaps blocking port 25 at the outside firewall and using only the
alternate port 587 would help. Does anyone know if the current scans are
hitting only port 25?

Jeff Hitchcock - [EMAIL PROTECTED]



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue
Sent: Thursday, October 26, 2006 2:41 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 I'm not sure how a firewall could help in this instance (if someone
can enlighten me you would have my gratitude).  As SMTP needs to be
opened to the world in order for imail to receive mail, a firewall has
simply to allow it (I think) or there is no mail, and that's that.



Mark Pipkin [EMAIL PROTECTED] wrote: 

So those that have been effected by this are they behind a SMTP
firewall and still get hit or are these servers SMTP live to the
internet?


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Korey
Verlsteffen
Sent: Thursday, October 26, 2006 11:35 AM
To: Imail_Forum@list.ipswitch.com
Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW
Heads up everyone. My IDS systems are reporting heavy
scanning for the IMail SMTP exploit.  

http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html
Sincerely,
Korey Verlsteffen
Network Administrator
WebStream Internet Solutions
[EMAIL PROTECTED]
http://www.webstream.net


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Grant Griffith]

Thanks Tripp!!!

Thanks,
Grant Griffith
Web Application Developer
Enhanced Telecommunications
http://www.etczone.com
812-932-1000

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen
Sent: Thursday, October 26, 2006 3:02 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that
needs to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Robbie Pardue]

 Ask them if a patch is forthcoming for 8x versions or if forced inplace upgrade is the only option (please). I gave up after exactly 61 minutes (weird huh?) and left a message. Otherwish have gotten no response from support mail, my sales contact, or even the product manager's voicemail.Matrosity Hosting [EMAIL PROTECTED] wrote: Got through - 61 minutes. Bill ForesmanMatrosity Hostingwww.matrosity.com850.656.2644-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Matrosity HostingSent: Thursday, October 26, 2006 2:41 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW45 minutes on hold so far. I can't believe I'm
 paying for this kind ofsupport. The hold times, at least for me, have been this bad since 2006 cameout.Very disappointing but this is a shining example of why smaller companiestake business away from larger ones.Bill ForesmanMatrosity Hostingwww.matrosity.com850.656.2644-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Matrosity HostingSent: Thursday, October 26, 2006 2:35 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWI tell our Mac customers to use Firefox which works fine. Bill ForesmanMatrosity Hostingwww.matrosity.com850.656.2644-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Thursday, October 26, 2006 2:22 PMTo:
 Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Has Ipswitch made any recent statements about patches to pre-2006versions? Since I can't use 2006 because of its Mac non-support, I guess I need  todo an emergency cut-over to another product.Excuse you, but please provide proof that some one using ANY version of aMAC OS can not access any version of Imail 2006 webmail from ANY browser andI will prove you wrong.People have a tendency to insert foot into open mouth (including me) whenmaking such wide open generalized accuzations.The reported problem in 2006.1 is with Safari even though I have one user onOSX 10.4 using Safari to access my webmail on 2006.1.John TeServices For You"Life is a succession of lessons which must be lived to be understood."Ralph Waldo Emerson (1802-1882)To Unsubscribe:
 http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ 
		Get your email and more, right on the  new Yahoo.com 

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Beach Computers]

Here's one...
Using ASSP, should be safe right?
 


 
Dave
 
 ---
|Beach Computers|
|Affordable Hosting Solutions   |
|http://www.beachcomp.com   |
 ===
|Cheap Domain Warehouse |
|Get Your Own Dot!  |
|http://www.cheapdomainwarehouse.com|
 -- 


Disclaimer and confidentiality note:

The contents of this communication are intended/meant only for addressee(s)
and may contain information that is privileged or otherwise confidential.
If you are not the intended recipient you are hereby notified that any
disclosure, copying, distribution or taking any action in reliance on the
contents of this information is strictly prohibited and may be unlawful.
The contents of this e-mail shall not be forwarded to any third party. If
you have received this electronic mail transmission in error, please delete
it from your system without copying or forwarding it, and notify the sender
of the error by reply email, so that the sender's address records
can be corrected.
Views and opinions are solely those of the sender unless clearly indicated
as being that of Beach Computers or any of it's affiliated companies.
Beach Computers cannot assure that the integrity of this communication has
been maintained or that it is free of errors, virus, interception or
interference.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Doug Traylor
Sent: Thursday, October 26, 2006 3:01 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

 I'm not sure how a firewall could help in this instance (if 
 someone can enlighten me  you would have my gratitude).  As SMTP needs 
 to be opened to the world in order for  imail to receive mail, a 
 firewall has simply to allow it (I think) or there is no mail, and 
 that's that.
  or less.


Maybe he meant a gateway?  For Imail to be safe from this its smtp service 
cannot be open to the internet unless you are running 2006.1, there must be 
something else answering the smtp connections from the world (internet). 
That something should also be doing recipient validation and block relaying 
at the very least.  That way this exploit would never reach Imail to 
compromise it.  Then you only have to worry about your gateway being 
compromised, lol.

Doug Traylor


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Grant Griffith]

I am sure that would work, but as you know the more port 587 is
published, it will be hit also...  We are looking into doing this as
well.  We just put an IMGate server in front of our Barracuda we have
and have it filtering using just a few tests and recipient verification
and it dropped our load on the barracuda by 300%!  We were seeing around
400k email a day on the cuda and IMGate reduced it to under 100k day.

Thanks,
Grant Griffith
Web Application Developer
Enhanced Telecommunications
http://www.etczone.com
812-932-1000

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Hitchcock
Sent: Thursday, October 26, 2006 3:05 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

I'm hoping that having my IMGate servers as the published MX servers
instead of my iMail server reduces the exposure to this attack.

I do have the iMail server open for incoming SMTP, but it is known only
to customers. Port scanning would find it, obviously.
 
Perhaps blocking port 25 at the outside firewall and using only the
alternate port 587 would help. Does anyone know if the current scans are
hitting only port 25?

Jeff Hitchcock - [EMAIL PROTECTED]



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue
Sent: Thursday, October 26, 2006 2:41 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 I'm not sure how a firewall could help in this instance (if someone
can enlighten me you would have my gratitude).  As SMTP needs to be
opened to the world in order for imail to receive mail, a firewall has
simply to allow it (I think) or there is no mail, and that's that.



Mark Pipkin [EMAIL PROTECTED] wrote: 

So those that have been effected by this are they behind a SMTP
firewall and still get hit or are these servers SMTP live to the
internet?


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Korey
Verlsteffen
Sent: Thursday, October 26, 2006 11:35 AM
To: Imail_Forum@list.ipswitch.com
Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW
Heads up everyone. My IDS systems are reporting heavy
scanning for the IMail SMTP exploit.  

http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html
Sincerely,
Korey Verlsteffen
Network Administrator
WebStream Internet Solutions
[EMAIL PROTECTED]
http://www.webstream.net


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Imail]

Thanks Tripp, I think.

Will this be available for us that have hesitated to renew our SA's?

Mark

Tripp Allen wrote:

2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that needs to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
---
[This E-mail scanned for viruses courtesy of Netslyder, 
Inc.(http://www.netslyder.net)]



  


---
[This E-mail scanned for viruses courtesy of Netslyder, 
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

The dll will be placed on our FTP servers and a KB article will be created
with a link to that download.  Anyone will be able to download the .dll and
install it, but you should only do that if you have 8.22.

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Imail
Sent: Thursday, October 26, 2006 3:26 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Thanks Tripp, I think.

Will this be available for us that have hesitated to renew our SA's?

Mark

Tripp Allen wrote:
 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that
 needs to be copied over the old one during a stop / start of smtpd32.
 I'll post a link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 ---
 [This E-mail scanned for viruses courtesy of Netslyder,
 Inc.(http://www.netslyder.net)]





---
[This E-mail scanned for viruses courtesy of Netslyder,
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Che Vilnonis]

I would hope so. This is NOT a new feature... it is a fix for a flaw in
their software.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Imail
Sent: Thursday, October 26, 2006 3:26 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW


Thanks Tripp, I think.

Will this be available for us that have hesitated to renew our SA's?

Mark

Tripp Allen wrote:
 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that 
 needs to be copied over the old one during a stop / start of smtpd32. 
 I'll post a link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: 
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 ---
 [This E-mail scanned for viruses courtesy of Netslyder,
Inc.(http://www.netslyder.net)]



   

---
[This E-mail scanned for viruses courtesy of Netslyder,
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mark Reimer]

What is the best way to confirm your version number in Imail 2006?

Mark Reimer
IT System Admin
American CareSource
972-308-6887
 
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen
Sent: Thursday, October 26, 2006 2:29 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

The dll will be placed on our FTP servers and a KB article will be created
with a link to that download.  Anyone will be able to download the .dll and
install it, but you should only do that if you have 8.22.

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Imail
Sent: Thursday, October 26, 2006 3:26 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Thanks Tripp, I think.

Will this be available for us that have hesitated to renew our SA's?

Mark

Tripp Allen wrote:
 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that
 needs to be copied over the old one during a stop / start of smtpd32.
 I'll post a link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 ---
 [This E-mail scanned for viruses courtesy of Netslyder,
 Inc.(http://www.netslyder.net)]





---
[This E-mail scanned for viruses courtesy of Netslyder,
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Che Vilnonis]

Thanks Tripp for the clarification. You got an estimated ETA for this?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen
Sent: Thursday, October 26, 2006 3:29 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


The dll will be placed on our FTP servers and a KB article will be created
with a link to that download.  Anyone will be able to download the .dll and
install it, but you should only do that if you have 8.22.

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Imail
Sent: Thursday, October 26, 2006 3:26 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Thanks Tripp, I think.

Will this be available for us that have hesitated to renew our SA's?

Mark

Tripp Allen wrote:
 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that 
 needs to be copied over the old one during a stop / start of smtpd32. 
 I'll post a link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: 
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 ---
 [This E-mail scanned for viruses courtesy of Netslyder, 
 Inc.(http://www.netslyder.net)]





---
[This E-mail scanned for viruses courtesy of Netslyder,
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Len Conrad]

I am sure that would work, but as you know the more port 587 is
published, it will be hit also...


Imail 587 refuses any SMTP command, including the RCPT TO and 
its  vulnerability, if the SMTP session is started without an SMTP 
AUTH after EHLO.  IIRC, about the only command port 587 accepts 
without a preceding successful SMTP AUTH is  EHLO.


Imail 587 it won't even accept HELO because HELO says the SMTP 
protocol level will be basic SMTP protocol and therefore won't 
support Enhanced ESMTP service of SMTP AUTH.


Everybody should hack their registries to activate port 587. It 
absolutely can't hurt to have it on.


Then telnet into it to see how it behaves.

Len


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[S.J.Stanaitis]

Trip Allen you're my hero.

Thanks,
Sam

SJ.Stanaitis - Network Administrator
Decorative Product Source E-commerce Network


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen
Sent: Thursday, October 26, 2006 3:29 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

The dll will be placed on our FTP servers and a KB article will be created
with a link to that download.  Anyone will be able to download the .dll and
install it, but you should only do that if you have 8.22.

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Imail
Sent: Thursday, October 26, 2006 3:26 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Thanks Tripp, I think.

Will this be available for us that have hesitated to renew our SA's?

Mark

Tripp Allen wrote:
 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that
 needs to be copied over the old one during a stop / start of smtpd32.
 I'll post a link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 ---
 [This E-mail scanned for viruses courtesy of Netslyder,
 Inc.(http://www.netslyder.net)]





---
[This E-mail scanned for viruses courtesy of Netslyder,
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[S.J.Stanaitis]

Whoops... Meant Tripp.

Thanks,
Sam

SJ.Stanaitis - Network Administrator
Decorative Product Source E-commerce Network

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen
Sent: Thursday, October 26, 2006 3:29 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

The dll will be placed on our FTP servers and a KB article will be created
with a link to that download.  Anyone will be able to download the .dll and
install it, but you should only do that if you have 8.22.

Tripp


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Imail
Sent: Thursday, October 26, 2006 3:26 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Thanks Tripp, I think.

Will this be available for us that have hesitated to renew our SA's?

Mark

Tripp Allen wrote:
 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that
 needs to be copied over the old one during a stop / start of smtpd32.
 I'll post a link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive:
 http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
 ---
 [This E-mail scanned for viruses courtesy of Netslyder,
 Inc.(http://www.netslyder.net)]





---
[This E-mail scanned for viruses courtesy of Netslyder,
Inc.(http://www.netslyder.net)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW - will ASSP protect Imail?

[Jason Loven]

Well if you have ASSP set up for delaying it will likely kick the
connection anyway. It's doubtful these scanners are repeatedly trying
the same host over and over. 

-Jason


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Doug Traylor
Sent: Thursday, October 26, 2006 3:55 PM
To: Imail_Forum@list.ipswitch.com
Cc: assp user list
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW - will
ASSP protect Imail?

 Here's one...
 Using ASSP, should be safe right?

Not necessarily.  That's something I have asked on the ASSP mailing
list. 
ASSP is not a gateway but rather, a proxy so it does eventually pass 
recipient and data information to the SMTP server.  If that happens to
be 
Imail and you don't have ASSP configured correctly, Imail could still be

compromised I believe.  Since this exploit is using the rcpt command and

since ASSP can do recipient validation by both LDAP and flat file, and
can 
be configured to block relaying, I think it will block this exploit if 
configured to do so as it does this validation before sending to the
mail 
server.  Also ASSP can be configured to delay new unknown connections
which 
could frustrate exploitation and it has completely stopped receipt of
virus 
laden emails from infected computers at our site.  We still get the rare

bounce from legitimate email servers that get caught by our AV gateway
and 
attachment type blocker.

My question is if the exploit source IP# is allowed through by ASSP and
has 
already given the malicious rcpt command to ASSP, does the exploit
source 
resend the malicious rcpt command that is then answered by Imail, or
does 
ASSP forward the rcpt command to Imail or would ASSP just reject it as 
invalid?

So the answer is, it depends on your configuration.  I believe using the

latest version of ASSP (1.2.5) set up to use all the anti spam and 
connection based protection capabilities will protect Imail from this 
exploit.

Doug Traylor


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Gil Gomes]

Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... 
-Gil
-Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

You'll need to upgrade to 2006.1.

Tripp



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil 
GomesSent: Thursday, October 26, 2006 4:13 PMTo: 
Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

Ummm... How about 2006.03? Is that going to be 
patched, or do I need to quickly perform an upgrade to 2006.1 I've 
been running 2006.1 on a test box for a month or so, and I'm not really too 
choked up about it... I'll need to go back to my documentation to see 
exactly WHAT the issues are, but I was planning to skip that upgrade altogether 
and wait for the next one... 
-Gil
-Original Message-From: "Tripp Allen" Sent 10/26/2006 
3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] 
SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this 
exploit.We are working on a update for 8.22 which will include one DLL 
that needs tobe copied over the old one during a stop / start of smtpd32. 
I'll post alink here as soon as it's available.TrippTo 
Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge 
Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Mark Reimer]

Tripp,

Remind me how we tell which release we are
on.





Mark Reimer

IT System Admin

American CareSource

972-308-6887













From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Tripp Allen
Sent: Thursday, October 26, 2006
3:19 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW





You'll need to upgrade to 2006.1.



Tripp











From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Gil Gomes
Sent: Thursday, October 26, 2006
4:13 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP
Exploit Scanning Going on NOW

Ummm...
How about 2006.03? Is that going to be patched, or do I need to quickly
perform an upgrade to 2006.1 I've been running 2006.1 on a test box
for a month or so, and I'm not really too choked up about it... I'll need
to go back to my documentation to see exactly WHAT the issues are, but I was
planning to skip that upgrade altogether and wait for the next one... 

-Gil


-Original Message-
From: Tripp Allen 
Sent 10/26/2006 3:02:19 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that needs to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Jason Loven]

You know youre not on 2006.1 when
your box gets pwn3d by a script kiddie.


Sorrykinda grumpy after this mess.











From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Mark Reimer
Sent: Thursday, October 26, 2006
4:21 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW





Tripp,

Remind me how we tell which release we are
on.





Mark Reimer

IT System Admin

American CareSource

972-308-6887













From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Tripp Allen
Sent: Thursday, October 26, 2006
3:19 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit
Scanning Going on NOW





You'll need to upgrade to 2006.1.



Tripp











From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Gil Gomes
Sent: Thursday, October 26, 2006
4:13 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP
Exploit Scanning Going on NOW

Ummm...
How about 2006.03? Is that going to be patched, or do I need to quickly
perform an upgrade to 2006.1 I've been running 2006.1 on a test box
for a month or so, and I'm not really too choked up about it... I'll need
to go back to my documentation to see exactly WHAT the issues are, but I was
planning to skip that upgrade altogether and wait for the next one... 

-Gil


-Original Message-
From: Tripp Allen 
Sent 10/26/2006 3:02:19 PM
To: Imail_Forum@list.ipswitch.com
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that needs to
be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Gil Gomes]

Lovely... Just lovely... -Original Message-From: "Tripp Allen" Sent 10/26/2006 4:19:06 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

You'll need to upgrade to 2006.1.

Tripp



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... 
-Gil
-Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

The easiest way is to telnet to port 25 and look at the 
banner. For 2006.1 it will say 9.1. Or you can look at the release 
notes.

Tripp



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mark 
ReimerSent: Thursday, October 26, 2006 4:21 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW


Tripp,
Remind me how we tell 
which release we are on.


Mark 
Reimer
IT System 
Admin
American 
CareSource
972-308-6887





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Tripp 
AllenSent: Thursday, October 
26, 2006 3:19 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

You'll need to upgrade 
to 2006.1.

Tripp





From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 
PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit 
Scanning Going on NOW
Ummm... How about 2006.03? 
Is that going to be patched, or do I need to quickly perform an upgrade to 
2006.1 I've been running 2006.1 on a test box for a month or so, and 
I'm not really too choked up about it... I'll need to go back to my 
documentation to see exactly WHAT the issues are, but I was planning to skip 
that upgrade altogether and wait for the next one... 

-Gil
-Original Message-From: "Tripp Allen" 
Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail 
Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to 
this exploit.We are working on a update for 8.22 which will include one 
DLL that needs tobe copied over the old one during a stop / start of 
smtpd32. I'll post alink here as soon as it's 
available.TrippTo Unsubscribe: 
http://www.ipswitch.com/support/mailing-lists.htmlList Archive: 
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge 
Base/FAQ: 
http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Dave Doherty]

What about 8.15, Tripp?


- Original Message - 
From: Tripp Allen [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW




2006.1 is not vulnerable to this exploit.

We are working on a update for 8.22 which will include one DLL that needs 
to

be copied over the old one during a stop / start of smtpd32. I'll post a
link here as soon as it's available.

Tripp


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

We are not currently planning a patch for 8.15.  SMTPD was rewritten in 8.2
and I can not confirm (or deny) that 8.1X is vulnerable right now.

Tripp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

What about 8.15, Tripp?


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that needs
 to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Robbie Pardue]

   8.15 is vulnerable right now, I can personally confirm this. Two separate physical servers in separate places and unrelated IP space which I oversee were exploited on Monday and Wednesday (both were reported, with logs examples to techsupport).   We have not been reluctant to maintain contracts (we have had contracts on both of these boxes all along) only to upgrade in a flurry of post 8.2 activity on the forum (and following some upgrade-related disasters on previous versions). We are looking into going straight from 8.15 to 2006 or to temporarily going to 8.22 to get this patch but would WILDLY prefer a patch for 8.15 to buy a little more time to do our upgrades right.  
 I will ask for nothing else from you ever.  Tripp Allen [EMAIL PROTECTED] wrote:   -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 2:14 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWWe are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2  and I can not confirm (or deny) that 8.1X is vulnerable right now.Tripp-Original Message-  From: [EMAIL PROTECTED]  [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty  Sent: Thursday, October 26, 2006 4:35 PM  To: Imail_Forum@list.ipswitch.com  Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOWWhat about 8.15, Tripp?   From: [EMAIL PROTECTED]  [mailto:[EMAIL PROTECTED] On Behalf Of Mark  ReimerSent: Thursday, October 26, 2006 4:21 PMTo:  Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit  Scanning Going on NOW
   Tripp, Remind me how we tell  which release we are on.   Mark  Reimer IT System 
 Admin American  CareSource 972-308-6887  From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]  On Behalf Of Tripp  AllenSent: Thursday, October  26, 2006 3:19 PMTo:  Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit  Scanning Going on NOW  You'll need to upgrade  to 2006.1.  Tripp  From:  [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]  On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13  PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit  Scanning Going on NOW Ummm... How about 2006.03?  Is that going to be patched, or do I need to quickly perform an upgrade to  2006.1 I've been running 2006.1 on a test box for a month or so, and  I'm not really too choked up about it... I'll need to go back to my  documentation to see exactly WHAT the issues are, but I was planning to skip  that upgrade altogether and wait for the next one... 
  -Gil -Original Message-From: "Tripp Allen"  Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail  Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to  this exploit.We are working on a update for 8.22 which will include one  DLL that needs tobe copied over the old one during a stop / start of  smtpd32. I'll post alink here as soon as it's  available.TrippTo Unsubscribe:  http://www.ipswitch.com/support/mailing-lists.htmlList Archive:  http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge  Base/FAQ: 
 http://www.ipswitch.com/support/IMail/ 
		Do you Yahoo!? Everyone is raving about the  all-new Yahoo! Mail.

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Doug Traylor]

- Original Message - 
From: Robbie Pardue [EMAIL PROTECTED]

To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 4:26 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



  I will ask for nothing else from you ever.


How do you know this today?  Do you know something we don't know about the 
future?  Should I go buy that motorcycle I have been lusting after just to 
get a few rides in before


:o)

Doug 


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Beach Computers]

So, let me make sure I have Ipswich's answer 
correctly.
We don't know if 8.15 is affected, therefore if you are running it, good 
luck because we have no plan on giving you a fix.

Did I miss anything?
I 
sure hope so.

Dave===Beach 
ComputersAffordable Hosting 
Solutionshttp://www.beachcomp.com===Cheap 
Domain WarehouseGet Your Own 
Dot!http://www.cheapdomainwarehouse.comDisclaimer 
and confidentiality note:The contents of this communication are 
intended/meant only for addressee(s) and may contain information that is 
privileged or otherwise confidential.If you are not the intended recipient 
you are hereby notified that any disclosure, copying, distribution or taking any 
action in reliance on thecontents of this information is strictly prohibited 
and may be unlawful.The contents of this e-mail shall not be forwarded to 
any third party. If you have received this electronic mail transmission in 
error, please deleteit from your system without copying or forwarding it, 
and notify the sender of the error by reply email, so that the sender's address 
recordscan be corrected.Views and opinions are solely those of the 
sender unless clearly indicated as being that of Beach Computers or any of it's 
affiliated companies.Beach Computers cannot assure that the integrity of 
this communication has been maintained or that it is free of errors, virus, 
interception or interference.



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie 
PardueSent: Thursday, October 26, 2006 5:26 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

 8.15 is vulnerable 
right now, I can personally confirm this. Two separate 
physical servers in separate places and unrelated IP space which I oversee were 
exploited on Monday and Wednesday (both were reported, with logs examples to 
techsupport).
 We have not been 
reluctant to maintain contracts (we have had contracts on both of these boxes 
all along) only to upgrade in a flurry of post 8.2 activity on the forum (and 
following some upgrade-related disasters on previous versions). 
We are looking into going straight from 8.15 to 2006 or to temporarily 
going to 8.22 to get this patch but would WILDLY prefer a patch for 8.15 to buy 
a little more time to do our upgrades right.
 I will ask for 
nothing else from you ever.Tripp Allen 
[EMAIL PROTECTED] wrote:

  
  

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: 
  Thursday, October 26, 2006 2:14 PMTo: 
  Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  We are not currently planning a patch for 
  8.15. SMTPD was rewritten in 8.2
  and I can not confirm (or deny) that 8.1X is 
  vulnerable right now.
  
  Tripp
  
  -Original Message-
  From: 
  [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf 
  Of Dave Doherty
  Sent: Thursday, October 26, 2006 4:35 
  PM
  To: Imail_Forum@list.ipswitch.com
  Subject: Re: [IMail Forum] SMTP Exploit Scanning Going 
  on NOW
  
  What about 8.15, Tripp?
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Mark 
  ReimerSent: Thursday, October 26, 2006 4:21 PMTo: 
  Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP 
  Exploit Scanning Going on NOW
  
  
  Tripp,
  Remind me how we tell 
  which release we are on.
  
  
  Mark 
  Reimer
  IT System 
  Admin
  American 
  CareSource
  972-308-6887
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 3:19 
  PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  You'll need to 
  upgrade to 2006.1.
  
  Tripp
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 
  PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  Ummm... How about 
  2006.03? Is that going to be patched, or do I need to quickly perform an 
  upgrade to 2006.1 I've been running 2006.1 on a test box for a month 
  or so, and I'm not really too choked up about it... I'll need to go back 
  to my documentation to see exactly WHAT the issues are, but I was planning to 
  skip that upgrade altogether and wait for the next one... 
  
  -Gil
  -Original Message-From: "Tripp Allen" 
  Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: 
  [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not 
  vulnerable to this exploit.We are working on a update for 8.22 which 
  will include one DLL that needs tobe copied over the old one during a stop 
  / start of smtpd32. I'll post alink here as soon as it's 
  available.TrippTo Unsubscribe: 
  http://www.ipswitch.c

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW - will ASSP protect Imail?

[Doug Traylor]

Here's one...
Using ASSP, should be safe right?


Not necessarily.  That's something I have asked on the ASSP mailing list. 
ASSP is not a gateway but rather, a proxy so it does eventually pass 
recipient and data information to the SMTP server.  If that happens to be 
Imail and you don't have ASSP configured correctly, Imail could still be 
compromised I believe.  Since this exploit is using the rcpt command and 
since ASSP can do recipient validation by both LDAP and flat file, and can 
be configured to block relaying, I think it will block this exploit if 
configured to do so as it does this validation before sending to the mail 
server.  Also ASSP can be configured to delay new unknown connections which 
could frustrate exploitation and it has completely stopped receipt of virus 
laden emails from infected computers at our site.  We still get the rare 
bounce from legitimate email servers that get caught by our AV gateway and 
attachment type blocker.


My question is if the exploit source IP# is allowed through by ASSP and has 
already given the malicious rcpt command to ASSP, does the exploit source 
resend the malicious rcpt command that is then answered by Imail, or does 
ASSP forward the rcpt command to Imail or would ASSP just reject it as 
invalid?


So the answer is, it depends on your configuration.  I believe using the 
latest version of ASSP (1.2.5) set up to use all the anti spam and 
connection based protection capabilities will protect Imail from this 
exploit.


Doug Traylor


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Dave Doherty]

Tripp said they don't know. He didn't say 
they wouln't fix it.

We now have confirmation from Robbie that 
8.15 is vulnerable.

So, over to you, Tripp. What are your 
plans? Upgrades to 8.22, or a new SMTPD32 for 8.15? Or will the new SMTPD work 
with 8.15?

-Dave DohertySkywaves, 
Inc.508-425-7176[EMAIL PROTECTED]



  - Original Message - 
  From: 
  Beach 
  Computers 
  To: Imail_Forum@list.ipswitch.com 
  
  Sent: Thursday, October 26, 2006 4:54 
  PM
  Subject: RE: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  So, let me make sure I have Ipswich's answer 
  correctly.
  We don't know if 8.15 is affected, therefore if you are running it, 
  good luck because we have no plan on giving you a fix.
  
  Did I miss anything?
  I sure hope so.
  
  Dave===Beach 
  ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap 
  Domain WarehouseGet Your Own 
  Dot!http://www.cheapdomainwarehouse.comDisclaimer 
  and confidentiality note:The contents of this communication are 
  intended/meant only for addressee(s) and may contain information that is 
  privileged or otherwise confidential.If you are not the intended recipient 
  you are hereby notified that any disclosure, copying, distribution or taking 
  any action in reliance on thecontents of this information is strictly 
  prohibited and may be unlawful.The contents of this e-mail shall not be 
  forwarded to any third party. If you have received this electronic mail 
  transmission in error, please deleteit from your system without copying or 
  forwarding it, and notify the sender of the error by reply email, so that the 
  sender's address recordscan be corrected.Views and opinions are solely 
  those of the sender unless clearly indicated as being that of Beach Computers 
  or any of it's affiliated companies.Beach Computers cannot assure that the 
  integrity of this communication has been maintained or that it is free of 
  errors, virus, interception or interference.
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Robbie 
  PardueSent: Thursday, October 26, 2006 5:26 PMTo: 
  Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP 
  Exploit Scanning Going on NOW
  
   8.15 is 
  vulnerable right now, I can personally confirm this. Two 
  separate physical servers in separate places and unrelated IP space which I 
  oversee were exploited on Monday and Wednesday (both were reported, with logs 
  examples to techsupport).
   We have not been 
  reluctant to maintain contracts (we have had contracts on both of these boxes 
  all along) only to upgrade in a flurry of post 8.2 activity on the forum (and 
  following some upgrade-related disasters on previous versions). 
  We are looking into going straight from 8.15 to 2006 or to temporarily 
  going to 8.22 to get this patch but would WILDLY prefer a patch for 8.15 to 
  buy a little more time to do our upgrades right.
   I will ask for 
  nothing else from you ever.Tripp Allen 
  [EMAIL PROTECTED] wrote: 
  



-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Tripp 
AllenSent: Thursday, October 26, 2006 2:14 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

We are not currently planning a patch for 
8.15. SMTPD was rewritten in 8.2
and I can not confirm (or deny) that 8.1X is 
vulnerable right now.

Tripp

-Original Message-
From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On 
Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 
PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning 
Going on NOW

What about 8.15, Tripp?



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mark 
ReimerSent: Thursday, October 26, 2006 4:21 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP 
Exploit Scanning Going on NOW


Tripp,
Remind me how we 
tell which release we are on.


Mark 
Reimer
IT System 
Admin
American 
CareSource
972-308-6887





From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 3:19 
PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

You'll need to 
upgrade to 2006.1.

Tripp





From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 
PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit 
Scanning Going on NOW
Ummm... How about 
2006.03? Is that going to be patched, or do I need

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Tripp Allen]

I suggest talking with the product manager, Kevin 
Gillis, about 8.15. The update for SMTPD I'm posting will ONLY work for 
8.22.

Tripp


- Original Message - 

  From: 
  Dave Doherty 
  
  To: Imail_Forum@list.ipswitch.com 
  
  Sent: Thursday, October 26, 2006 7:10 
  PM
  Subject: Re: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  Tripp said they don't know. He didn't 
  say they wouln't fix it.
  
  We now have confirmation from Robbie 
  that 8.15 is vulnerable.
  
  So, over to you, Tripp. What are your 
  plans? Upgrades to 8.22, or a new SMTPD32 for 8.15? Or will the new SMTPD work 
  with 8.15?
  
  -Dave DohertySkywaves, 
  Inc.508-425-7176[EMAIL PROTECTED]
  
  
  
- Original Message - 
From: 
Beach 
Computers 
To: Imail_Forum@list.ipswitch.com 

Sent: Thursday, October 26, 2006 4:54 
PM
Subject: RE: [IMail Forum] SMTP Exploit 
Scanning Going on NOW

So, let me make sure I have Ipswich's answer 
correctly.
We don't know if 8.15 is affected, therefore if you are running it, 
good luck because we have no plan on giving you a fix.

Did I miss anything?
I sure hope so.

Dave===Beach 
ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap 
Domain WarehouseGet Your Own 
Dot!http://www.cheapdomainwarehouse.comDisclaimer 
and confidentiality note:The contents of this communication are 
intended/meant only for addressee(s) and may contain information that is 
privileged or otherwise confidential.If you are not the intended 
recipient you are hereby notified that any disclosure, copying, distribution 
or taking any action in reliance on thecontents of this information is 
strictly prohibited and may be unlawful.The contents of this e-mail 
shall not be forwarded to any third party. If you have received this 
electronic mail transmission in error, please deleteit from your system 
without copying or forwarding it, and notify the sender of the error by 
reply email, so that the sender's address recordscan be 
corrected.Views and opinions are solely those of the sender unless 
clearly indicated as being that of Beach Computers or any of it's affiliated 
companies.Beach Computers cannot assure that the integrity of this 
communication has been maintained or that it is free of errors, virus, 
interception or interference.



From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie 
PardueSent: Thursday, October 26, 2006 5:26 PMTo: 
Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP 
Exploit Scanning Going on NOW

 8.15 is 
vulnerable right now, I can personally confirm this. Two 
separate physical servers in separate places and unrelated IP space which I 
oversee were exploited on Monday and Wednesday (both were reported, with 
logs examples to techsupport).
 We have not 
been reluctant to maintain contracts (we have had contracts on both of these 
boxes all along) only to upgrade in a flurry of post 8.2 activity on the 
forum (and following some upgrade-related disasters on previous 
versions). We are looking into going straight from 8.15 
to 2006 or to temporarily going to 8.22 to get this patch but would WILDLY 
prefer a patch for 8.15 to buy a little more time to do our upgrades 
right.
 I will ask for 
nothing else from you ever.Tripp Allen 
[EMAIL PROTECTED] wrote: 

  
  

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Tripp 
  AllenSent: Thursday, October 26, 2006 2:14 PMTo: 
  Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit 
  Scanning Going on NOW
  
  We are not currently planning a patch for 
  8.15. SMTPD was rewritten in 8.2
  and I can not confirm (or deny) that 8.1X is 
  vulnerable right now.
  
  Tripp
  
  -Original Message-
  From: 
  [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On 
  Behalf Of Dave Doherty
  Sent: Thursday, October 26, 2006 4:35 
  PM
  To: Imail_Forum@list.ipswitch.com
  Subject: Re: [IMail Forum] SMTP Exploit Scanning 
  Going on NOW
  
  What about 8.15, Tripp?
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Mark 
  ReimerSent: Thursday, October 26, 2006 4:21 PMTo: 
  Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP 
  Exploit Scanning Going on NOW
  
  
  Tripp,
  Remind me how we 
  tell which release we are on.
  
  
  Mark 
  Reimer
  IT System 
  Admin
  American 
  CareSource
  972-308-6887

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[mnapuran]

 We are working on a update for 8.22 which will include one DLL that needs to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.
 
 Tripp

What about an update to 8.1x?

Mike N
FXOL

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[mnapuran]

 I suggest talking with the product manager, Kevin Gillis, about 8.15.  The 
 update for SMTPD I'm posting will ONLY work for 8.22.

I can definately tell you 8.15 has the problem 

Mike N
FXOL

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Darin Cox]

Hi Tripp,

Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 for
those with a valid SA, or is it a reinstall?

Any gotchas we should be aware of?

Until a couple of other issues are resolved, we're still not comfortable
with going to 2006.1.

Thanks in advance.

Darin.


- Original Message - 
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 5:13 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


We are not currently planning a patch for 8.15.  SMTPD was rewritten in 8.2
and I can not confirm (or deny) that 8.1X is vulnerable right now.

Tripp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

What about 8.15, Tripp?


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that needs
 to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: [IMail Forum] SMTP Exploit Scanning Going on NOW

[Kevin Gillis]

Hi Darin,

Can you share what the main issues are that you'd like to see resolved
before upgrading to 2006.1?  Chances are that others may share similar
sentiments and we'd like to prioritize and address them.

Bye for now,

kg 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, October 27, 2006 01:46
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

Hi Tripp,

Thanks for jumping on this.  Is there an upgrade path from 8.15 to 8.2 for
those with a valid SA, or is it a reinstall?

Any gotchas we should be aware of?

Until a couple of other issues are resolved, we're still not comfortable
with going to 2006.1.

Thanks in advance.

Darin.


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 5:13 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW


We are not currently planning a patch for 8.15.  SMTPD was rewritten in 8.2
and I can not confirm (or deny) that 8.1X is vulnerable right now.

Tripp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, October 26, 2006 4:35 PM
To: Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW

What about 8.15, Tripp?


- Original Message -
From: Tripp Allen [EMAIL PROTECTED]
To: Imail_Forum@list.ipswitch.com
Sent: Thursday, October 26, 2006 2:02 PM
Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW



 2006.1 is not vulnerable to this exploit.

 We are working on a update for 8.22 which will include one DLL that needs
 to
 be copied over the old one during a stop / start of smtpd32. I'll post a
 link here as soon as it's available.

 Tripp


 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
 List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
 Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/