Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi Andy, We even were considering scripting the "lower case translate" - but, "keyrename" is not a scriptable registry function. We certainly don't want tomanually perform all these edits while the services have to be down AND riskthat there'll be a certain percent of keyboard errors causing who-knows-whatkind of secondary problems. If you just export the Ipswitch key to a text file, do simple textbased case replacement and import it, that should not take to long. Met vriendelijke groet,Bonno Bloksmahoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhovent 040 296 28 28 / f 040 237 35 20[EMAIL PROTECTED] / www.tio.nl - Original Message - From: Andy Schmidt To: Imail_Forum@list.ipswitch.com Cc: [EMAIL PROTECTED] Sent: Monday, October 30, 2006 11:45 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW KG Can you share what the main issues are that you'd like to see resolvedbefore upgrading to 2006.1? We tried to upgrade to 2006.1, but have a large number of domains, many wereentered with mixed case domain names. According to one KB entry these causeservices to leak memory and cause the Imail server (not just the service) tobecome unresponsive.Rebooting the server (no way to log into the system) will reset the memoryfrom GBs to a few hundred MB and the system will run again for a while. TheKB entry seems to imply that the problem is specific to the SMTP service,but in reality I've seen all mail-related Imail services to slowly increasetheir memory use.We even were considering scripting the "lower case translate" - but, "keyrename" is not a scriptable registry function. We certainly don't want tomanually perform all these edits while the services have to be down AND riskthat there'll be a certain percent of keyboard errors causing who-knows-whatkind of secondary problems.-Original Message-From: "Kevin Gillis" [EMAIL PROTECTED]Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWDate: Fri, 27 Oct 2006 01:51:20 -0400Reply-To: Imail_Forum@list.ipswitch.comHi Darin,Can you share what the main issues are that you'd like to see resolvedbefore upgrading to 2006.1? Chances are that others may share similarsentiments and we'd like to prioritize and address them.Bye for now,kg To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
KG Can you share what the main issues are that you'd like to see resolved before upgrading to 2006.1? We tried to upgrade to 2006.1, but have a large number of domains, many were entered with mixed case domain names. According to one KB entry these cause services to leak memory and cause the Imail server (not just the service) to become unresponsive. Rebooting the server (no way to log into the system) will reset the memory from GBs to a few hundred MB and the system will run again for a while. The KB entry seems to imply that the problem is specific to the SMTP service, but in reality I've seen all mail-related Imail services to slowly increase their memory use. We even were considering scripting the lower case translate - but, key rename is not a scriptable registry function. We certainly don't want to manually perform all these edits while the services have to be down AND risk that there'll be a certain percent of keyboard errors causing who-knows-what kind of secondary problems. -Original Message- From: Kevin Gillis [EMAIL PROTECTED] Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Date: Fri, 27 Oct 2006 01:51:20 -0400 Reply-To: Imail_Forum@list.ipswitch.com Hi Darin, Can you share what the main issues are that you'd like to see resolved before upgrading to 2006.1? Chances are that others may share similar sentiments and we'd like to prioritize and address them. Bye for now, kg To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Edit your registry and make them all lower case = no memory leak. I'm VERY familiar with this problem. :) Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, October 30, 2006 5:45 PM To: Imail_Forum@list.ipswitch.com Cc: [EMAIL PROTECTED] Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW KG Can you share what the main issues are that you'd like to see KG resolved before upgrading to 2006.1? We tried to upgrade to 2006.1, but have a large number of domains, many were entered with mixed case domain names. According to one KB entry these cause services to leak memory and cause the Imail server (not just the service) to become unresponsive. Rebooting the server (no way to log into the system) will reset the memory from GBs to a few hundred MB and the system will run again for a while. The KB entry seems to imply that the problem is specific to the SMTP service, but in reality I've seen all mail-related Imail services to slowly increase their memory use. We even were considering scripting the lower case translate - but, key rename is not a scriptable registry function. We certainly don't want to manually perform all these edits while the services have to be down AND risk that there'll be a certain percent of keyboard errors causing who-knows-what kind of secondary problems. -Original Message- From: Kevin Gillis [EMAIL PROTECTED] Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Date: Fri, 27 Oct 2006 01:51:20 -0400 Reply-To: Imail_Forum@list.ipswitch.com Hi Darin, Can you share what the main issues are that you'd like to see resolved before upgrading to 2006.1? Chances are that others may share similar sentiments and we'd like to prioritize and address them. Bye for now, kg To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi All, Sorry I am running V8.12 and not 8.15 as previously reported. I have compiled the exploit, and ran it against my server. With version 8.12, I am not getting any of theinjections as described (share, new user, port bind) . However, after running the exploit all smtpwill not respond to any connection request. You will have to manually stop/start SMTP to regain full function once again. Here is the catch22. You will need to enable Monitor Services if you wish to have SMTP auto restart should it hang. This service in the past has created a bunch of networking issues for a few users.. Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html. My log looks like 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL PROTECTED] 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: @qo:10:29 02:44 SMTPD() server starting on port 25 of student.chaminade.edu AUTO RESTART OF SMTP via Monitor after SMTP fails to respond.. Display of Options from executable. = IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow ExploitCoded by Greg Linares glinares.code [at] GMAIL [dot] com Usage: imailexploit [hostname] [port] Payload JMPDefault port is 25 ==Payload Options: 1 = Default==1 = Share C:\ as 'Export' Share2 = Add User 'Error' with Password 'Error'3 = Win32 Bind CMD to Port 4 = Change Administrator Password to '[EMAIL PROTECTED]'==JMP Options: 1 = Default==1 = IMAIL 8.x SMTPDLL.DLL [pop ebp, ret] 0x10036f71 2 = Win2003 SP1 English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397 8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 Hope this provides some info, atleast to users of Version 8.12. Eddie :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie PangSent: Saturday, October 28, 2006 4:51 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW For those of us who are not programmers, can someone provide a simple what we need to do to compile this so we can test our systems for this exploit. I have a HIPS running on our Imail 8.15 server, and I want to see if it will terminate the buffer overflow process. Thanks, Eddie. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. HiltonSent: Thursday, October 26, 2006 7:04 AMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED]
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
The fact that it crashes means that it could be exploitedif someone gets a copy of 8.12 and determines offsets for your OS and Imail. In the meantime, also try banning e-mail from the user [EMAIL PROTECTED] [ this might cause it to drop the connection before looking at the exploit. Of course they can also have the FROM user to be anything in the future] . - Original Message - From: Eddie Pang To: Imail_Forum@list.ipswitch.com Sent: Sunday, October 29, 2006 8:11 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi All, Sorry I am running V8.12 and not 8.15 as previously reported. I have compiled the exploit, and ran it against my server. With version 8.12, I am not getting any of theinjections as described (share, new user, port bind) . However, after running the exploit all smtpwill not respond to any connection request. You will have to manually stop/start SMTP to regain full function once again. Here is the catch22. You will need to enable Monitor Services if you wish to have SMTP auto restart should it hang. This service in the past has created a bunch of networking issues for a few users.. Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html. My log looks like 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL PROTECTED] 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: @qo:10:29 02:44 SMTPD() server starting on port 25 of student.chaminade.edu AUTO RESTART OF SMTP via Monitor after SMTP fails to respond.. Display of Options from executable. = IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow ExploitCoded by Greg Linares glinares.code [at] GMAIL [dot] com Usage: imailexploit [hostname] [port] Payload JMPDefault port is 25 ==Payload Options: 1 = Default==1 = Share C:\ as 'Export' Share2 = Add User 'Error' with Password 'Error'3 = Win32 Bind CMD to Port 4 = Change Administrator Password to '[EMAIL PROTECTED]'==JMP Options: 1 = Default==1 = IMAIL 8.x SMTPDLL.DLL [pop ebp, ret] 0x10036f71 2 = Win2003 SP1 English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397 8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 Hope this provides some info, atleast to users of Version 8.12. Eddie :)
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
To get around the SMTP auto start problem consider using a 3rd party app. such as Service+ or similar. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang Sent: 29 October 2006 13:12 To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi All, Sorry I am running V8.12 and not 8.15 as previously reported. I have compiled the exploit, and ran it against my server. With version 8.12, I am not getting any of the injections as described (share, new user, port bind) . However, after running the exploit all smtp will not respond to any connection request. You will have to manually stop/start SMTP to regain full function once again. Here is the catch22. You will need to enable Monitor Services if you wish to have SMTP auto restart should it hang. This service in the past has created a bunch of networking issues for a few users.. Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html . My log looks like 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL PROTECTED] 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: @qo: 10:29 02:44 SMTPD() server starting on port 25 of student.chaminade.edu AUTO RESTART OF SMTP via Monitor after SMTP fails to respond.. Display of Options from executable. = IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow Exploit Coded by Greg Linares glinares.code [at] GMAIL [dot] com Usage: imailexploit [hostname] [port] Payload JMP Default port is 25 == Payload Options: 1 = Default == 1 = Share C:\ as 'Export' Share 2 = Add User 'Error' with Password 'Error' 3 = Win32 Bind CMD to Port 4 = Change Administrator Password to '[EMAIL PROTECTED]' == JMP Options: 1 = Default == 1 = IMAIL 8.x SMTPDLL.DLL[pop ebp, ret] 0x10036f71 2 = Win2003 SP1 English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397 8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 Hope this provides some info, atleast to users of Version 8.12. Eddie :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang Sent: Saturday, October 28, 2006 4:51 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW For those of us who are not programmers, can someone provide a simple what we need to do to compile this so we can test our systems for this exploit. I have a HIPS running on our Imail 8.15 server, and I want to see if it will terminate the buffer overflow process. Thanks, Eddie. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton Sent: Thursday, October 26, 2006 7:04 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 8.15 ASSP
Just an FYI for anyone else who is currently SOL like us, Changed the mail server ehlo, and also enabled delaying in ASSP, but we still got hit by this. Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Waller Sent: Sunday, October 29, 2006 9:52 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW To get around the SMTP auto start problem consider using a 3rd party app. such as Service+ or similar. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang Sent: 29 October 2006 13:12 To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi All, Sorry I am running V8.12 and not 8.15 as previously reported. I have compiled the exploit, and ran it against my server. With version 8.12, I am not getting any of the injections as described (share, new user, port bind) . However, after running the exploit all smtp will not respond to any connection request. You will have to manually stop/start SMTP to regain full function once again. Here is the catch22. You will need to enable Monitor Services if you wish to have SMTP auto restart should it hang. This service in the past has created a bunch of networking issues for a few users.. Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html . My log looks like 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL PROTECTED] 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: @qo: 10:29 02:44 SMTPD() server starting on port 25 of student.chaminade.edu AUTO RESTART OF SMTP via Monitor after SMTP fails to respond.. Display of Options from executable. = IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow Exploit Coded by Greg Linares glinares.code [at] GMAIL [dot] com Usage: imailexploit [hostname] [port] Payload JMP Default port is 25 == Payload Options: 1 = Default == 1 = Share C:\ as 'Export' Share 2 = Add User 'Error' with Password 'Error' 3 = Win32 Bind CMD to Port 4 = Change Administrator Password to '[EMAIL PROTECTED]' == JMP Options: 1 = Default == 1 = IMAIL 8.x SMTPDLL.DLL[pop ebp, ret] 0x10036f71 2 = Win2003 SP1 English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397 8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 Hope this provides some info, atleast to users of Version 8.12. Eddie :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang Sent: Saturday, October 28, 2006 4:51 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW For those of us who are not programmers, can someone provide a simple what we need to do to compile this so we can test our systems for this exploit. I have a HIPS running on our Imail 8.15 server, and I want to see
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Is there a way to do a global ban from [EMAIL PROTECTED]? The only way I know is to create a rule for each domain which can be a nightmare. Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike NSent: Sunday, October 29, 2006 9:15 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW The fact that it crashes means that it could be exploitedif someone gets a copy of 8.12 and determines offsets for your OS and Imail. In the meantime, also try banning e-mail from the user [EMAIL PROTECTED] [ this might cause it to drop the connection before looking at the exploit. Of course they can also have the FROM user to be anything in the future] . - Original Message - From: Eddie Pang To: Imail_Forum@list.ipswitch.com Sent: Sunday, October 29, 2006 8:11 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi All, Sorry I am running V8.12 and not 8.15 as previously reported. I have compiled the exploit, and ran it against my server. With version 8.12, I am not getting any of theinjections as described (share, new user, port bind) . However, after running the exploit all smtpwill not respond to any connection request. You will have to manually stop/start SMTP to regain full function once again. Here is the catch22. You will need to enable Monitor Services if you wish to have SMTP auto restart should it hang. This service in the past has created a bunch of networking issues for a few users.. Also, I am not seeing the same info as http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg108489.html. My log looks like 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] EHLO 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] MAIL FROM [EMAIL PROTECTED] 10:29 02:43 SMTPD(a1dc000b002a1d33) [xxx.xxx.xxx.xxx] RCPT TO: @qo:10:29 02:44 SMTPD() server starting on port 25 of student.chaminade.edu AUTO RESTART OF SMTP via Monitor after SMTP fails to respond.. Display of Options from executable. = IMail 2006 and 8.x SMTP 'RCPT TO:' Stack Overflow ExploitCoded by Greg Linares glinares.code [at] GMAIL [dot] com Usage: imailexploit [hostname] [port] Payload JMPDefault port is 25 ==Payload Options: 1 = Default==1 = Share C:\ as 'Export' Share2 = Add User 'Error' with Password 'Error'3 = Win32 Bind CMD to Port 4 = Change Administrator Password to '[EMAIL PROTECTED]'==JMP Options: 1 = Default==1 = IMAIL 8.x SMTPDLL.DLL [pop ebp, ret] 0x10036f71 2 = Win2003 SP1 English NTDLL.DLL [pop ebp, ret] 0x7c87d8af 3 = Win2003 SP0 English USER32.DLL [pop ebp, ret] 0x77d02289 4 = WinXP SP2 English NTDLL.DLL [pop ebp, ret] 0x7c967e23 5 = WinXP SP1 - SP0 English USER32.DLL [pop ebp, ret] 0x71ab389c 6 = Win2000 Universal English USER32.DLL [pop ebp, ret] 0x75021397 7 = Win2000 Universal French USER32.DLL [pop ebp, ret] 0x74fa1397 8 = Windows XP SP1 - SP2 German USER32.DLL [pop ebp, ret] 0x77d18c14 Hope this provides some info, atleast to users of Version 8.12. Eddie :)
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW 8.15 ASSP
From: Beach Computers [EMAIL PROTECTED] Changed the mail server ehlo, and also enabled delaying in ASSP, but we still got hit by this. I tried to reply directly to Dave's groups address but it bounced so I am replying to the list. Dave, Thanks for the heads up and sorry to hear it. Do you have the ASSP log from when the successful attack took place? I have been watching my logs and can't seem to find anything out of the ordinary. Granted we don't have Imail responding to Internet SMTP, but I thought I'd at least see some unusual activity. What version of ASSP are you using? Do you have connection testing enabled too? Thanks, Doug Traylor ASSP v1.2.5 [EMAIL PROTECTED] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Go to the IMail administrator / Services / SMTP / Edit Kill File. Enter [EMAIL PROTECTED] and restart SMTP. NOTE: This will also block everything matching that pattern - including [EMAIL PROTECTED] (I just made that one up - don't know if it exists), so there MIGHT be side effects. - Original Message - Is there a way to do a global ban from [EMAIL PROTECTED] The only way I know is to create a rule for each domain which can be a nightmare. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Thank you! Doug, Oct-29-06 07:28:10 210.91.106.44 malformed address: '@qo:ÄÿïÿÿDjPYÙîÙt$ô[sŒo²ƒëüâôóæ„ÿçuMðìäÞ+¨ä÷3 [EMAIL PROTECTED]/„û„¸ä³á½¯+£¯ÆM¥¿N„F4ØKšziäí+„Ô„€$9PnY ä;c¨sÓ̽´Ö„Ï_9O€äÂ!äò Ò A‚ƒâðZ áiä\€gû€PØbgG‚N4ÜdPŠÔŽag°ZæmMß䶻ú!8MÙßá\ß,áLßbiäwîißæSšä˨K8MÙæãZs¿Ú«!A[Xs¹áZs¿ÚêÅéûXs¹â[Ø:Mß UvJåðZ:MßêÖiä߆iâV¥£;èæ+;í½¯A¥r-ŸñÎC!‚öW¤' Àñ?yMzÈdTÛ=ã^ݳ^Ý:ãð\ Ö‰¡áðZMð»b„Û“1Ëèd]s¿Úÿkí\s¹Mߌo²SSS' This is from ASSP with delaying on, everything in test mode. Still trying to get the server backup, so sorry for the short reply. rant All I can say at this point is I FULLY regret going with Ipswitch and putting up with all the crap they pull all the time. It's one thing where an upgrade is optional unless you want features, but a vulnerability left open is simply unacceptable. If the server stays up long enough so I have time to deal with this on Monday, I'm planning on calling around to different publications and seeing if they will publish anything about this. /rant Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Sunday, October 29, 2006 10:58 AM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Go to the IMail administrator / Services / SMTP / Edit Kill File. Enter [EMAIL PROTECTED] and restart SMTP. NOTE: This will also block everything matching that pattern - including [EMAIL PROTECTED] (I just made that one up - don't know if it exists), so there MIGHT be side effects. - Original Message - Is there a way to do a global ban from [EMAIL PROTECTED] The only way I know is to create a rule for each domain which can be a nightmare. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
For those of us who are not programmers, can someone provide a simple what we need to do to compile this so we can test our systems for this exploit. I have a HIPS running on our Imail 8.15 server, and I want to see if it will terminate the buffer overflow process. Thanks, Eddie. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. HiltonSent: Thursday, October 26, 2006 7:04 AMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED]
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:Imail_Forum- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, October 26, 2006 10:46 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Darin, When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Same here. No problem that I recall. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Not to put too fine a point on it and I don't want to seem as though I'm bashing Ipswitch unnecessarily, but being forced to upgrade due to a problem of this nature is irksome. One of the problems I'll need to deal with might seem rather minuscule to you... We totally customize the login screens to suit our company's charter and tastes... Ipswitch changed the login.asp and login.aspx files so radically between versions 2006.03 and 2006.1 that we'll have to spend a few hours getting these screens squared away. I have to assume there was a reason for these changes as I doubt you'd waste horsepower. Minor problem, in the scheme of things, but still painfull... Could your programmers possibly assume that customers will be modifying the login files to better meld with their custom graphics, rather than going witha totally "form follows function" attitude? The other reasons I wasn't planning on ever upgrading to 2006.1 all concern the lack of progress in regards to the many issues we have with your web mail. I believe there were a couple of minor corrections that we thought were improvements... 1)The gauge showing how much disk space was utilized and is left. 2) Showing who the email was TO and not FROM in the sent folder... I guess I know where I'll be this Saturday, eh? -Gil -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 4:19:06 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Many Thanks, Tripp. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 6:59 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Thanks, John and Michael. I didn't figure there would be much of anything, but figured I'd ask to be safe. Darin. - Original Message - From: Michael Thomas - Mathbox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 2:39 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Darin, When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Same here. No problem that I recall. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi Kevin, Thanks. I'll do that. I'll go through my archives and compare against your list when I get back in the office next week. Darin. - Original Message - From: Kevin Gillis [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:51 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Darin, Can you share what the main issues are that you'd like to see resolved before upgrading to 2006.1? Chances are that others may share similar sentiments and we'd like to prioritize and address them. Bye for now, kg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, October 27, 2006 01:46 To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi, all- What symptoms would indicate that you've been compromised? - Dave Doherty Skywaves, Inc. 97 Webster Street Worcester, MA 10603 (+1) - 508-425-7176 Please note our new mailing address! To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Yes, thanks. Will this work on 8.15? Cheers Mark We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
- Original Message - From: Mark [Support] [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 9:07 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Yes, thanks. Will this work on 8.15? No, as has been said here, and it bears repeating, 8.22 involved a major rewrite and differs enough that the patch for 8.22 will not work on 8.15 or below. You need to take immediate action to protect your server(s) by either removing Imail from direct contact to the internet by way of an SMTP gateway or proxy, or you need to upgrade to 8.22 at the very least. The upgrade to 8.22 from 8.15 has been reported to be straightforward from many Imail customers including myself. Hope this helps, Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
on the upgrade. IIRC we did not move as the central directory (LDAP) was changed and no longer worked as it did previously. We are a K-12 school district and rely on the LDAP to lookup addresses by name, department, organization. This changed after 8.05 (I think) just saying if you rely on the LDAP for address lookup, I'd check with Ipswitch before doing it. we are behind IMGate and I'm thinking we're ok. just posting in case others use LDAP as well. bob On Friday, October 27, 2006 8:12 AM, Doug Traylor [EMAIL PROTECTED] wrote: - Original Message - From: Mark [Support] [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 9:07 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Yes, thanks. Will this work on 8.15? No, as has been said here, and it bears repeating, 8.22 involved a major rewrite and differs enough that the patch for 8.22 will not work on 8.15 or below. You need to take immediate action to protect your server(s) by either removing Imail from direct contact to the internet by way of an SMTP gateway or proxy, or you need to upgrade to 8.22 at the very least. The upgrade to 8.22 from 8.15 has been reported to be straightforward from many Imail customers including myself. Hope this helps, Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
No, 8.22 only. Tom - Original Message - From: Mark [Support] [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 9:07 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW | Yes, thanks. Will this work on 8.15? | | Cheers | Mark | | We are working on a update for 8.22 which will include one DLL that | needs to | be copied over the old one during a stop / start of smtpd32. I'll post a | link here as soon as it's available. | To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html | List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ | Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ | To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
LS, Blessing to all of you. I was following the forum and have to upgrade now. Must I upgrade the different steps and fixes in sequence or can I just use the 8.22 on my running imail 8.15 In any case I'll backup first but doing it right the first time saves!!! Kenneth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael Thomas - Mathbox Sent: Friday, October 27, 2006 2:40 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Darin, When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Same here. No problem that I recall. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Tripp, I think there are several of us who are still on 8.1x who are going to be upgrading this weekend. I will ask questions that more than just I am probably nervous about. For 8.12, all I needed was a serial No. Is this the same as the Key? Is the Serial No. / Key the same for 8.12 and 8.22? Is there any other gotcha we need to be aware of as we will be in the no support hours? Bill Green dfn Systems - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:59 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
I just used the link, filled out the form, and got a reply that I would have an answer within 2 business days. If you are trying to get this done tonight or over the weekend, this is not a viable option. Bill Green dfn Systems - Original Message - From: Martin Schaible [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 5:06 AM Subject: AW: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi, This is not really correct. If you have a subscription, you have a serial key for Imail 2006. To get a key für Imail 8.22, the customer service must be asked. Use this form: http://www.ipswitch.com/support/email_service.asp -- Mit freundlichen Grüssen Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 44 391 30 00 Fax: +41 44 391 32 49 Mail:mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 News - Neue Produkte: .:. mxGuard - InvURIBL - MessageSniffer .:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. SmarterTools -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Tripp Allen Gesendet: Freitag, 27. Oktober 2006 13:00 An: Imail_Forum@list.ipswitch.com Betreff: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
8.2 requires you to have an activation key which is a different key than your serial number. You can send an email to customer service to get an activation key for 8.2 here: http://www.ipswitch.com/support/email_service.asp Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Green dfn Systems Sent: Friday, October 27, 2006 12:08 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, I think there are several of us who are still on 8.1x who are going to be upgrading this weekend. I will ask questions that more than just I am probably nervous about. For 8.12, all I needed was a serial No. Is this the same as the Key? Is the Serial No. / Key the same for 8.12 and 8.22? Is there any other gotcha we need to be aware of as we will be in the no support hours? Bill Green dfn Systems - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:59 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Tripp, Is there anyone in Ipswitch that can CONFIRM this: If any of your customers are running 8.15 they have 2 options. PAY and upgrade. Stay vulnerable if not running any gateways. Your input is appreciated. Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Bill, It is viable. Imail will run for 30 days without the key. That should give anyone time enough to get their key. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) I just used the link, filled out the form, and got a reply that I would have an answer within 2 business days. If you are trying to get this done tonight or over the weekend, this is not a viable option. Bill Green dfn Systems To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
We are not currently planning a patch for 8.1X so you will need to upgrade. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Beach Computers Sent: Friday, October 27, 2006 12:25 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Is there anyone in Ipswitch that can CONFIRM this: If any of your customers are running 8.15 they have 2 options. PAY and upgrade. Stay vulnerable if not running any gateways. Your input is appreciated. Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Does IPSwitch have stated life-of-product somewhere? I ask because Imail 8.2 came out in April 28 of 2005 and was the first to require "Activation" (?) Was the condition of this activation an active support contract at the time? And if so is one ordinarily included with the software at time of purchase? If, for example, one would ordinarily get a 1-year contract with purchase, then that would mean that someone purchasing imail before April 28 of 2004 would be excluded from this upgrade without purchasing a support contract. That makes the life-of-product for an IPSwitch purchase only 2.5 years. I understand that "you don't pay for a support contract, you don't get to call when it breaks" is a reasonable standard. And I understand that "you don't get a support contract you don't get new features" is another okay standard. But this is not a feature or a user problem, this is a security vulnerability. By refusing to release a patch for the basic functionality of Imail 8.15, Ipswitch is going from flag-ship software to abandonware in 2.5 years...which seems a little rough. I understand that IPSwitch makes these products in order to make money and that a small-office admin with a system that is good enough for her needs, that her users know and like, and that doesn't change enough for her to need spendy service-contracts stops making money for IPswitch if she cannot be compelled to upgrade for by a marketing blitz, but Imail 8.15 itself was only released in February of 2005...that's 18 months ago. 18 months from THE-version to no-more-patches seems excessive. How about a patch for 8.15 and a time-of-life mailling. "We will no longer be supporting Imail 8.15 after January 31st, here are your options"...instead of "Nah, we've just decided arbitrarily that it's too much trouble". No warning, no nothing. Monday there's an exploit, Friday it's expired, that's just the way it is. ...I talked to techsupport this morning and was told personally that nearly all of the cases of exploitation that they have seen have been of version 8.15. If SMTP was really so totally different between 8.15 and 8.22 then how can it have the exact same vulnerability? but still be too different to fix? If most of the people experiencing trouble are using 8.15 then how can it not be worth it to release a patch for them? Even for basic Internet Netiquette and reputation of the software this is not right. All apologies if I missed the "8.15 will expire on" in my monthly spamming and/or if this was in the fine-print when I clicked "Agree" (I guess).- Original Message From: Tripp Allen [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 10:15:19 AMSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWWe are not currently planning a patch for 8.1X so you will need to upgrade.Tripp-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Beach ComputersSent: Friday, October 27, 2006 12:25 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWTripp,Is there anyone in Ipswitch that can CONFIRM this:If any of your customers are running 8.15 they have 2 options.PAY and upgrade.Stay vulnerable if not running any gateways.Your input is appreciated.Dave ---|Beach Computers||Affordable Hosting Solutions ||http://www.beachcomp.com | ===|Cheap Domain Warehouse ||Get Your Own Dot!||http://www.cheapdomainwarehouse.com| --Disclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s)and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that anydisclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. Ifyou have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the senderof the error by reply email, so that the sender's address records can becorrected.Views and opinions are solely those of the sender unless clearly indicatedas being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication hasbeen maintained or that it is free of errors, virus, interception orinterference.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
On 27 Oct 2006 at 13:53, Robbie Pardue wrote: I agree completely Robbie! Good post! Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
same here, hope Kevin Gillis will answer this questions otherwise it seems to answer my question about the manner to force an upgrade. marc At 20:53 27.10.2006, you wrote: Does IPSwitch have stated life-of-product somewhere? I ask because Imail 8.2 came out in April 28 of 2005 and was the first to require Activation (?) Was the condition of this activation an active support contract at the time? And if so is one ordinarily included with the software at time of purchase? If, for example, one would ordinarily get a 1-year contract with purchase, then that would mean that someone purchasing imail before April 28 of 2004 would be excluded from this upgrade without purchasing a support contract. That makes the life-of-product for an IPSwitch purchase only 2.5 years. I understand that you don't pay for a support contract, you don't get to call when it breaks is a reasonable standard. And I understand that you don't get a support contract you don't get new features is another okay standard. But this is not a feature or a user problem, this is a security vulnerability. By refusing to release a patch for the basic functionality of Imail 8.15, Ipswitch is going from flag-ship software to abandonware in 2.5 years...which seems a little rough. I understand that IPSwitch makes these products in order to make money and that a small-office admin with a system that is good enough for her needs, that her users know and like, and that doesn't change enough for her to need spendy service-contracts stops making money for IPswitch if she cannot be compelled to upgrade for by a marketing blitz, but Imail 8.15 itself was only released in February of 2005...that's 18 months ago. 18 months from THE-version to no-more-patches seems excessive. How about a patch for 8.15 and a time-of-life mailling. We will no longer be supporting Imail 8.15 after January 31st, here are your options...instead of Nah, we've just decided arbitrarily that it's too much trouble. No warning, no nothing. Monday there's an exploit, Friday it's expired, that's just the way it is. ...I talked to techsupport this morning and was told personally that nearly all of the cases of exploitation that they have seen have been of version 8.15. If SMTP was really so totally different between 8.15 and 8.22 then how can it have the exact same vulnerability? but still be too different to fix? If most of the people experiencing trouble are using 8.15 then how can it not be worth it to release a patch for them? Even for basic Internet Netiquette and reputation of the software this is not right. All apologies if I missed the 8.15 will expire on in my monthly spamming and/or if this was in the fine-print when I clicked Agree (I guess). - Original Message From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 10:15:19 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.1X so you will need to upgrade. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Beach Computers Sent: Friday, October 27, 2006 12:25 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Is there anyone in Ipswitch that can CONFIRM this: If any of your customers are running 8.15 they have 2 options. PAY and upgrade. Stay vulnerable if not running any gateways. Your input is appreciated. Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.comhttp://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.comhttp://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Well, that answers that question - aclientrunning 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - From: Korey Verlsteffen To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 11:34 AM Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit.
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
which version of 2006 is not open to this? Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike NSent: Thursday, October 26, 2006 12:42 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Well, that answers that question - aclientrunning 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - From: Korey Verlsteffen To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 11:34 AM Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit.
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
That might not be what you think. SMTP has had a problem crashing since v8.x came out. I'd do a little more research before determining it was compromised. Mike N wrote: Well, that answers that question - a client running 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - *From:* Korey Verlsteffen mailto:[EMAIL PROTECTED] *To:* Imail_Forum@list.ipswitch.com mailto:Imail_Forum@list.ipswitch.com *Sent:* Thursday, October 26, 2006 11:34 AM *Subject:* [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 12:49 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW which version of 2006 is not open to this? Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Thursday, October 26, 2006 12:42 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Well, that answers that question - aclientrunning 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - From: Korey Verlsteffen To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 11:34 AM Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit.
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
So, 8.05 is vulnerable too, isn't it?? Regards, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Troy D. Hilton Enviado el: jueves, 26 de octubre de 2006 19:04 Para: Imail_Forum@list.ipswitch.com Asunto: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 12:49 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW which version of 2006 is not open to this? Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Thursday, October 26, 2006 12:42 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Well, that answers that question - a client running 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - From: Korey Verlsteffen To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 11:34 AM Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html It says 8.x, so I assume that 8.15 and earlier are also vulnerable. Has Ipswitch made any recent statements about patches to pre-2006 versions? Since I can't use 2006 because of its Mac non-support, I guess I need to do an emergency cut-over to another product. Bill To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
which version of 2006 is not open to this? 2006.1 was the first with the fixes. .04 and lower is vulnerable. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
So Ipswitch has let ALL of their customers sit vulnerable regardless of having an SA? Someone from Ipswitch really needs to inform us all of the situation and EXACTLY when it will be corrected. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. HiltonSent: Thursday, October 26, 2006 1:04 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity HostingSent: Thursday, October 26, 2006 12:49 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW which version of 2006 is not open to this? Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike NSent: Thursday, October 26, 2006 12:42 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Well, that answers that question - aclientrunning 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - From: Korey Verlsteffen To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 11:34 AM Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit.
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
According to the article, yes. Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Servei Tecnic [ MICROTECH ] Sent: Thursday, October 26, 2006 1:10 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW So, 8.05 is vulnerable too, isn't it?? Regards, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Troy D. Hilton Enviado el: jueves, 26 de octubre de 2006 19:04 Para: Imail_Forum@list.ipswitch.com Asunto: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 12:49 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW which version of 2006 is not open to this? Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Thursday, October 26, 2006 12:42 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Well, that answers that question - a client running 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - From: Korey Verlsteffen To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 11:34 AM Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
At 01:24 PM 10/26/2006, you wrote: I may be time to go public to the tech publications to increase the pressure on ipswitch to come up w/ a solution.. So, 8.05 is vulnerable too, isn't it?? Brian L. Wolfsohnhttp://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 680-6545 Email:[EMAIL PROTECTED] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
This was the reason I sat put with 7.15. Ive learned to always wait until Sandy and some other here test the waters on the newer versions and detect all the bugs/flaws and see them resolved before I make a move to upgrade. This is a shame though that it hasnt been resolved in 8.x IMO, forcing an upgrade to a new version to resolve a bug is not acceptable in this case. If we were talking about a stand-alone desktop app then perhaps, but a mail server is not something you can simply jump in and out of versions on nor would we want to. Perhaps this thread is stirring the fires at Ipswitch to do something. Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 1:23 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW So Ipswitch has let ALL of their customers sit vulnerable regardless of having an SA? Someone from Ipswitch really needs to inform us all of the situation and EXACTLY when it will be corrected. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton Sent: Thursday, October 26, 2006 1:04 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW From what I understand both 8.2x and 2006 are vulnerable. Check here: http://www.securiteam.com/exploits/6G00L0KH5E.html Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 12:49 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW which version of 2006 is not open to this? Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Thursday, October 26, 2006 12:42 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Well, that answers that question - aclientrunning 8.22 just had an SMTP crash. Therefor 8.22 must be vulnerable. Successful payload delivery - who knows? [ They have an SA and are still in the final stages of moving to 2006 ]. - Original Message - From: Korey Verlsteffen To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 11:34 AM Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit.
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
I'm going to say that it is what you think it is. You can search your system logs for "error 10038" and that might tell you for sure. We have seen thethe "non responding / still says running SMTP" beginning Monday. In all cases we see lines like:RCPT TO: @qo#9829;#9658;:ÉÉÉ ÉÉÉ (a variety of special characters in the string) Followed by:SMTPD() send error 10038 and somewhere thereafter SMTP stops working. We are currently using 8.15, and were advised by techsupport (response this morning, though before this thread, to try 8.22 or 2006...neither of which, by themselves would work, though I am getting the impression that a recent patch of 2006 might fix this?)That might not be what you think. SMTP has had a problem crashing since v8.x came out. I'd do a little more research before determining it was compromised. Mike N wrote: Well, that answers that question - a client running 8.22 just had anSMTP crash. Therefor 8.22 must be vulnerable. Successful payloaddelivery - who knows? [ They have an SA and are still in the finalstages of moving to 2006 ]. - Original Message - *From:* Korey Verlsteffen mailto:[EMAIL PROTECTED] *To:* Imail_Forum@list.ipswitch.com mailto:Imail_Forum@list.ipswitch.com *Sent:* Thursday, October 26, 2006 11:34 AM *Subject:* [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit.--- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ Do you Yahoo!? Get on board. You're invited to try the new Yahoo! Mail.
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
I read the link below. I am running IMAIL Server 2006.1 which is not listed under affected products. May I assume that 2006.1 is not vulnerable? Larry Stroud Director, Computer Services CIS Project Manager - Phase IIB BlackBoard Administrator Groupwise Administrator Instructor, Computer Studies Edgecombe Community College 2009 West Wilson Street Tarboro, NC 27886 Voice: 252-823-5166 x267 Fax:252-823-6817 Email: [EMAIL PROTECTED] Tarboro Campus, Bldg A, Office 171 Make it happen, better, and faster. E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. (NCGS.Ch.132) E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Just upgraded, again, and am on hold 23+ minutes with tech support. Nice. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Stroud Sent: Thursday, October 26, 2006 1:42 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW I read the link below. I am running IMAIL Server 2006.1 which is not listed under affected products. May I assume that 2006.1 is not vulnerable? Larry Stroud Director, Computer Services CIS Project Manager - Phase IIB BlackBoard Administrator Groupwise Administrator Instructor, Computer Studies Edgecombe Community College 2009 West Wilson Street Tarboro, NC 27886 Voice: 252-823-5166 x267 Fax:252-823-6817 Email: [EMAIL PROTECTED] Tarboro Campus, Bldg A, Office 171 Make it happen, better, and faster. E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. (NCGS.Ch.132) E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Has Ipswitch made any recent statements about patches to pre-2006 versions? Since I can't use 2006 because of its Mac non-support, I guess I need to do an emergency cut-over to another product. Excuse you, but please provide proof that some one using ANY version of a MAC OS can not access any version of Imail 2006 webmail from ANY browser and I will prove you wrong. People have a tendency to insert foot into open mouth (including me) when making such wide open generalized accuzations. The reported problem in 2006.1 is with Safari even though I have one user on OSX 10.4 using Safari to access my webmail on 2006.1. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey Verlsteffen Sent: Thursday, October 26, 2006 11:35 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
According to the doc. It's pre 2006.1 so you're OK. If you had 2006.04 you'd be vulnerable. Troy D. Hilton Serveon, Inc. 302-529-8640 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Stroud Sent: Thursday, October 26, 2006 1:42 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW I read the link below. I am running IMAIL Server 2006.1 which is not listed under affected products. May I assume that 2006.1 is not vulnerable? Larry Stroud Director, Computer Services CIS Project Manager - Phase IIB BlackBoard Administrator Groupwise Administrator Instructor, Computer Studies Edgecombe Community College 2009 West Wilson Street Tarboro, NC 27886 Voice: 252-823-5166 x267 Fax:252-823-6817 Email: [EMAIL PROTECTED] Tarboro Campus, Bldg A, Office 171 Make it happen, better, and faster. E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. (NCGS.Ch.132) E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
http://secunia.com/advisories/21795 says the solution is to update to version 2006.1. http://www.ipswitch.com/support/imail/releases/im20061.asp says 2006.1 fixes a vulnerability. adamc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Stroud Sent: Thursday, October 26, 2006 13:42 To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW I read the link below. I am running IMAIL Server 2006.1 which is not listed under affected products. May I assume that 2006.1 is not vulnerable? Larry Stroud Director, Computer Services CIS Project Manager - Phase IIB BlackBoard Administrator Groupwise Administrator Instructor, Computer Studies Edgecombe Community College 2009 West Wilson Street Tarboro, NC 27886 Voice: 252-823-5166 x267 Fax:252-823-6817 Email: [EMAIL PROTECTED] Tarboro Campus, Bldg A, Office 171 Make it happen, better, and faster. E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized state official. (NCGS.Ch.132) E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. Korey Verlsteffen [EMAIL PROTECTED] 10/26/2006 11:34:37 am Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net E-mail correspondence to and from this sender may be subject to the North Carolina Public Records law and may be disclosed to third parties. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
I tell our Mac customers to use Firefox which works fine. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Thursday, October 26, 2006 2:22 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Has Ipswitch made any recent statements about patches to pre-2006 versions? Since I can't use 2006 because of its Mac non-support, I guess I need to do an emergency cut-over to another product. Excuse you, but please provide proof that some one using ANY version of a MAC OS can not access any version of Imail 2006 webmail from ANY browser and I will prove you wrong. People have a tendency to insert foot into open mouth (including me) when making such wide open generalized accuzations. The reported problem in 2006.1 is with Safari even though I have one user on OSX 10.4 using Safari to access my webmail on 2006.1. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
45 minutes on hold so far. I can't believe I'm paying for this kind of support. The hold times, at least for me, have been this bad since 2006 came out. Very disappointing but this is a shining example of why smaller companies take business away from larger ones. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 2:35 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I tell our Mac customers to use Firefox which works fine. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Thursday, October 26, 2006 2:22 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Has Ipswitch made any recent statements about patches to pre-2006 versions? Since I can't use 2006 because of its Mac non-support, I guess I need to do an emergency cut-over to another product. Excuse you, but please provide proof that some one using ANY version of a MAC OS can not access any version of Imail 2006 webmail from ANY browser and I will prove you wrong. People have a tendency to insert foot into open mouth (including me) when making such wide open generalized accuzations. The reported problem in 2006.1 is with Safari even though I have one user on OSX 10.4 using Safari to access my webmail on 2006.1. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that.Mark Pipkin [EMAIL PROTECTED] wrote: So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet?From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey Verlsteffen Sent: Thursday, October 26, 2006 11:35 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] SMTP Exploit Scanning Going on NOWHeads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely,Korey Verlsteffen Network Administrator WebStream Internet Solutions[EMAIL PROTECTED] http://www.webstream.net All-new Yahoo! Mail - Fire up a more powerful email and get things done faster. Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Which is my point to Bill Puetz! John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:Imail_Forum- [EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 11:35 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I tell our Mac customers to use Firefox which works fine. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Thursday, October 26, 2006 2:22 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Has Ipswitch made any recent statements about patches to pre-2006 versions? Since I can't use 2006 because of its Mac non-support, I guess I need to do an emergency cut-over to another product. Excuse you, but please provide proof that some one using ANY version of a MAC OS can not access any version of Imail 2006 webmail from ANY browser and I will prove you wrong. People have a tendency to insert foot into open mouth (including me) when making such wide open generalized accuzations. The reported problem in 2006.1 is with Safari even though I have one user on OSX 10.4 using Safari to access my webmail on 2006.1. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Ah, but some firewalls can be configured to be a proxy or apply rules/configurations to the SMTP commands or both. SMTP Message Screener via ISA Server is one that comes to mind. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Thursday, October 26, 2006 11:41 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that. Mark Pipkin [EMAIL PROTECTED] wrote: So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey Verlsteffen Sent: Thursday, October 26, 2006 11:35 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net All-new Yahoo! Mail - Fire up a more powerful email and get things done faster. Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Just external hosts I figure. An internal host wouldn't get the corrupted 'rcpt to' command as the external hostshouldn't accept it. adamc From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark PipkinSent: Thursday, October 26, 2006 14:24To: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey VerlsteffenSent: Thursday, October 26, 2006 11:35 AMTo: Imail_Forum@list.ipswitch.comSubject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone.My IDS systemsare reportingheavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey VerlsteffenNetwork AdministratorWebStream Internet Solutions [EMAIL PROTECTED]http://www.webstream.net
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Got through - 61 minutes. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 2:41 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 45 minutes on hold so far. I can't believe I'm paying for this kind of support. The hold times, at least for me, have been this bad since 2006 came out. Very disappointing but this is a shining example of why smaller companies take business away from larger ones. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting Sent: Thursday, October 26, 2006 2:35 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I tell our Mac customers to use Firefox which works fine. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Thursday, October 26, 2006 2:22 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Has Ipswitch made any recent statements about patches to pre-2006 versions? Since I can't use 2006 because of its Mac non-support, I guess I need to do an emergency cut-over to another product. Excuse you, but please provide proof that some one using ANY version of a MAC OS can not access any version of Imail 2006 webmail from ANY browser and I will prove you wrong. People have a tendency to insert foot into open mouth (including me) when making such wide open generalized accuzations. The reported problem in 2006.1 is with Safari even though I have one user on OSX 10.4 using Safari to access my webmail on 2006.1. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that. or less. Maybe he meant a gateway? For Imail to be safe from this its smtp service cannot be open to the internet unless you are running 2006.1, there must be something else answering the smtp connections from the world (internet). That something should also be doing recipient validation and block relaying at the very least. That way this exploit would never reach Imail to compromise it. Then you only have to worry about your gateway being compromised, lol. Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
I'm hoping that having my IMGate servers as the published MX servers instead of my iMail server reduces the exposure to this attack. I do have the iMail server open for incoming SMTP, but it is known only to customers. Port scanning would find it, obviously. Perhaps blocking port 25 at the outside firewall and using only the alternate port 587 would help. Does anyone know if the current scans are hitting only port 25? Jeff Hitchcock - [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Thursday, October 26, 2006 2:41 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that. Mark Pipkin [EMAIL PROTECTED] wrote: So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey Verlsteffen Sent: Thursday, October 26, 2006 11:35 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Thanks Tripp!!! Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications http://www.etczone.com 812-932-1000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 3:02 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Ask them if a patch is forthcoming for 8x versions or if forced inplace upgrade is the only option (please). I gave up after exactly 61 minutes (weird huh?) and left a message. Otherwish have gotten no response from support mail, my sales contact, or even the product manager's voicemail.Matrosity Hosting [EMAIL PROTECTED] wrote: Got through - 61 minutes. Bill ForesmanMatrosity Hostingwww.matrosity.com850.656.2644-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Matrosity HostingSent: Thursday, October 26, 2006 2:41 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW45 minutes on hold so far. I can't believe I'm paying for this kind ofsupport. The hold times, at least for me, have been this bad since 2006 cameout.Very disappointing but this is a shining example of why smaller companiestake business away from larger ones.Bill ForesmanMatrosity Hostingwww.matrosity.com850.656.2644-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Matrosity HostingSent: Thursday, October 26, 2006 2:35 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWI tell our Mac customers to use Firefox which works fine. Bill ForesmanMatrosity Hostingwww.matrosity.com850.656.2644-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Thursday, October 26, 2006 2:22 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Has Ipswitch made any recent statements about patches to pre-2006versions? Since I can't use 2006 because of its Mac non-support, I guess I need todo an emergency cut-over to another product.Excuse you, but please provide proof that some one using ANY version of aMAC OS can not access any version of Imail 2006 webmail from ANY browser andI will prove you wrong.People have a tendency to insert foot into open mouth (including me) whenmaking such wide open generalized accuzations.The reported problem in 2006.1 is with Safari even though I have one user onOSX 10.4 using Safari to access my webmail on 2006.1.John TeServices For You"Life is a succession of lessons which must be lived to be understood."Ralph Waldo Emerson (1802-1882)To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ Get your email and more, right on the new Yahoo.com
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Here's one... Using ASSP, should be safe right? Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Traylor Sent: Thursday, October 26, 2006 3:01 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that. or less. Maybe he meant a gateway? For Imail to be safe from this its smtp service cannot be open to the internet unless you are running 2006.1, there must be something else answering the smtp connections from the world (internet). That something should also be doing recipient validation and block relaying at the very least. That way this exploit would never reach Imail to compromise it. Then you only have to worry about your gateway being compromised, lol. Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
I am sure that would work, but as you know the more port 587 is published, it will be hit also... We are looking into doing this as well. We just put an IMGate server in front of our Barracuda we have and have it filtering using just a few tests and recipient verification and it dropped our load on the barracuda by 300%! We were seeing around 400k email a day on the cuda and IMGate reduced it to under 100k day. Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications http://www.etczone.com 812-932-1000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Hitchcock Sent: Thursday, October 26, 2006 3:05 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I'm hoping that having my IMGate servers as the published MX servers instead of my iMail server reduces the exposure to this attack. I do have the iMail server open for incoming SMTP, but it is known only to customers. Port scanning would find it, obviously. Perhaps blocking port 25 at the outside firewall and using only the alternate port 587 would help. Does anyone know if the current scans are hitting only port 25? Jeff Hitchcock - [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Thursday, October 26, 2006 2:41 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I'm not sure how a firewall could help in this instance (if someone can enlighten me you would have my gratitude). As SMTP needs to be opened to the world in order for imail to receive mail, a firewall has simply to allow it (I think) or there is no mail, and that's that. Mark Pipkin [EMAIL PROTECTED] wrote: So those that have been effected by this are they behind a SMTP firewall and still get hit or are these servers SMTP live to the internet? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Korey Verlsteffen Sent: Thursday, October 26, 2006 11:35 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] SMTP Exploit Scanning Going on NOW Heads up everyone. My IDS systems are reporting heavy scanning for the IMail SMTP exploit. http://www.juniper.net/security/auto/vulnerabilities/vuln3414.html Sincerely, Korey Verlsteffen Network Administrator WebStream Internet Solutions [EMAIL PROTECTED] http://www.webstream.net To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Thanks Tripp, I think. Will this be available for us that have hesitated to renew our SA's? Mark Tripp Allen wrote: 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
The dll will be placed on our FTP servers and a KB article will be created with a link to that download. Anyone will be able to download the .dll and install it, but you should only do that if you have 8.22. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Sent: Thursday, October 26, 2006 3:26 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Thanks Tripp, I think. Will this be available for us that have hesitated to renew our SA's? Mark Tripp Allen wrote: 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
I would hope so. This is NOT a new feature... it is a fix for a flaw in their software. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Sent: Thursday, October 26, 2006 3:26 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Thanks Tripp, I think. Will this be available for us that have hesitated to renew our SA's? Mark Tripp Allen wrote: 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
What is the best way to confirm your version number in Imail 2006? Mark Reimer IT System Admin American CareSource 972-308-6887 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 2:29 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW The dll will be placed on our FTP servers and a KB article will be created with a link to that download. Anyone will be able to download the .dll and install it, but you should only do that if you have 8.22. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Sent: Thursday, October 26, 2006 3:26 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Thanks Tripp, I think. Will this be available for us that have hesitated to renew our SA's? Mark Tripp Allen wrote: 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Thanks Tripp for the clarification. You got an estimated ETA for this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 3:29 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW The dll will be placed on our FTP servers and a KB article will be created with a link to that download. Anyone will be able to download the .dll and install it, but you should only do that if you have 8.22. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Sent: Thursday, October 26, 2006 3:26 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Thanks Tripp, I think. Will this be available for us that have hesitated to renew our SA's? Mark Tripp Allen wrote: 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
I am sure that would work, but as you know the more port 587 is published, it will be hit also... Imail 587 refuses any SMTP command, including the RCPT TO and its vulnerability, if the SMTP session is started without an SMTP AUTH after EHLO. IIRC, about the only command port 587 accepts without a preceding successful SMTP AUTH is EHLO. Imail 587 it won't even accept HELO because HELO says the SMTP protocol level will be basic SMTP protocol and therefore won't support Enhanced ESMTP service of SMTP AUTH. Everybody should hack their registries to activate port 587. It absolutely can't hurt to have it on. Then telnet into it to see how it behaves. Len To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Trip Allen you're my hero. Thanks, Sam SJ.Stanaitis - Network Administrator Decorative Product Source E-commerce Network -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 3:29 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW The dll will be placed on our FTP servers and a KB article will be created with a link to that download. Anyone will be able to download the .dll and install it, but you should only do that if you have 8.22. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Sent: Thursday, October 26, 2006 3:26 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Thanks Tripp, I think. Will this be available for us that have hesitated to renew our SA's? Mark Tripp Allen wrote: 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Whoops... Meant Tripp. Thanks, Sam SJ.Stanaitis - Network Administrator Decorative Product Source E-commerce Network -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 3:29 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW The dll will be placed on our FTP servers and a KB article will be created with a link to that download. Anyone will be able to download the .dll and install it, but you should only do that if you have 8.22. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Sent: Thursday, October 26, 2006 3:26 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Thanks Tripp, I think. Will this be available for us that have hesitated to renew our SA's? Mark Tripp Allen wrote: 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW - will ASSP protect Imail?
Well if you have ASSP set up for delaying it will likely kick the connection anyway. It's doubtful these scanners are repeatedly trying the same host over and over. -Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Traylor Sent: Thursday, October 26, 2006 3:55 PM To: Imail_Forum@list.ipswitch.com Cc: assp user list Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW - will ASSP protect Imail? Here's one... Using ASSP, should be safe right? Not necessarily. That's something I have asked on the ASSP mailing list. ASSP is not a gateway but rather, a proxy so it does eventually pass recipient and data information to the SMTP server. If that happens to be Imail and you don't have ASSP configured correctly, Imail could still be compromised I believe. Since this exploit is using the rcpt command and since ASSP can do recipient validation by both LDAP and flat file, and can be configured to block relaying, I think it will block this exploit if configured to do so as it does this validation before sending to the mail server. Also ASSP can be configured to delay new unknown connections which could frustrate exploitation and it has completely stopped receipt of virus laden emails from infected computers at our site. We still get the rare bounce from legitimate email servers that get caught by our AV gateway and attachment type blocker. My question is if the exploit source IP# is allowed through by ASSP and has already given the malicious rcpt command to ASSP, does the exploit source resend the malicious rcpt command that is then answered by Imail, or does ASSP forward the rcpt command to Imail or would ASSP just reject it as invalid? So the answer is, it depends on your configuration. I believe using the latest version of ASSP (1.2.5) set up to use all the anti spam and connection based protection capabilities will protect Imail from this exploit. Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Tripp, Remind me how we tell which release we are on. Mark Reimer IT System Admin American CareSource 972-308-6887 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 3:19 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Gomes Sent: Thursday, October 26, 2006 4:13 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message- From: Tripp Allen Sent 10/26/2006 3:02:19 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
You know youre not on 2006.1 when your box gets pwn3d by a script kiddie. Sorrykinda grumpy after this mess. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer Sent: Thursday, October 26, 2006 4:21 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Remind me how we tell which release we are on. Mark Reimer IT System Admin American CareSource 972-308-6887 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 3:19 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Gomes Sent: Thursday, October 26, 2006 4:13 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message- From: Tripp Allen Sent 10/26/2006 3:02:19 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Lovely... Just lovely... -Original Message-From: "Tripp Allen" Sent 10/26/2006 4:19:06 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
The easiest way is to telnet to port 25 and look at the banner. For 2006.1 it will say 9.1. Or you can look at the release notes. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Thursday, October 26, 2006 4:21 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Remind me how we tell which release we are on. Mark Reimer IT System Admin American CareSource 972-308-6887 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 3:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
8.15 is vulnerable right now, I can personally confirm this. Two separate physical servers in separate places and unrelated IP space which I oversee were exploited on Monday and Wednesday (both were reported, with logs examples to techsupport). We have not been reluctant to maintain contracts (we have had contracts on both of these boxes all along) only to upgrade in a flurry of post 8.2 activity on the forum (and following some upgrade-related disasters on previous versions). We are looking into going straight from 8.15 to 2006 or to temporarily going to 8.22 to get this patch but would WILDLY prefer a patch for 8.15 to buy a little more time to do our upgrades right. I will ask for nothing else from you ever. Tripp Allen [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Thursday, October 26, 2006 2:14 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWWe are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now.Tripp-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOWWhat about 8.15, Tripp? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Thursday, October 26, 2006 4:21 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Remind me how we tell which release we are on. Mark Reimer IT System Admin American CareSource 972-308-6887 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 3:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail.
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
- Original Message - From: Robbie Pardue [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 4:26 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW I will ask for nothing else from you ever. How do you know this today? Do you know something we don't know about the future? Should I go buy that motorcycle I have been lusting after just to get a few rides in before :o) Doug To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
So, let me make sure I have Ipswich's answer correctly. We don't know if 8.15 is affected, therefore if you are running it, good luck because we have no plan on giving you a fix. Did I miss anything? I sure hope so. Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Thursday, October 26, 2006 5:26 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 8.15 is vulnerable right now, I can personally confirm this. Two separate physical servers in separate places and unrelated IP space which I oversee were exploited on Monday and Wednesday (both were reported, with logs examples to techsupport). We have not been reluctant to maintain contracts (we have had contracts on both of these boxes all along) only to upgrade in a flurry of post 8.2 activity on the forum (and following some upgrade-related disasters on previous versions). We are looking into going straight from 8.15 to 2006 or to temporarily going to 8.22 to get this patch but would WILDLY prefer a patch for 8.15 to buy a little more time to do our upgrades right. I will ask for nothing else from you ever.Tripp Allen [EMAIL PROTECTED] wrote: -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 2:14 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Thursday, October 26, 2006 4:21 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Remind me how we tell which release we are on. Mark Reimer IT System Admin American CareSource 972-308-6887 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 3:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.c
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW - will ASSP protect Imail?
Here's one... Using ASSP, should be safe right? Not necessarily. That's something I have asked on the ASSP mailing list. ASSP is not a gateway but rather, a proxy so it does eventually pass recipient and data information to the SMTP server. If that happens to be Imail and you don't have ASSP configured correctly, Imail could still be compromised I believe. Since this exploit is using the rcpt command and since ASSP can do recipient validation by both LDAP and flat file, and can be configured to block relaying, I think it will block this exploit if configured to do so as it does this validation before sending to the mail server. Also ASSP can be configured to delay new unknown connections which could frustrate exploitation and it has completely stopped receipt of virus laden emails from infected computers at our site. We still get the rare bounce from legitimate email servers that get caught by our AV gateway and attachment type blocker. My question is if the exploit source IP# is allowed through by ASSP and has already given the malicious rcpt command to ASSP, does the exploit source resend the malicious rcpt command that is then answered by Imail, or does ASSP forward the rcpt command to Imail or would ASSP just reject it as invalid? So the answer is, it depends on your configuration. I believe using the latest version of ASSP (1.2.5) set up to use all the anti spam and connection based protection capabilities will protect Imail from this exploit. Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Tripp said they don't know. He didn't say they wouln't fix it. We now have confirmation from Robbie that 8.15 is vulnerable. So, over to you, Tripp. What are your plans? Upgrades to 8.22, or a new SMTPD32 for 8.15? Or will the new SMTPD work with 8.15? -Dave DohertySkywaves, Inc.508-425-7176[EMAIL PROTECTED] - Original Message - From: Beach Computers To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 4:54 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW So, let me make sure I have Ipswich's answer correctly. We don't know if 8.15 is affected, therefore if you are running it, good luck because we have no plan on giving you a fix. Did I miss anything? I sure hope so. Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Thursday, October 26, 2006 5:26 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 8.15 is vulnerable right now, I can personally confirm this. Two separate physical servers in separate places and unrelated IP space which I oversee were exploited on Monday and Wednesday (both were reported, with logs examples to techsupport). We have not been reluctant to maintain contracts (we have had contracts on both of these boxes all along) only to upgrade in a flurry of post 8.2 activity on the forum (and following some upgrade-related disasters on previous versions). We are looking into going straight from 8.15 to 2006 or to temporarily going to 8.22 to get this patch but would WILDLY prefer a patch for 8.15 to buy a little more time to do our upgrades right. I will ask for nothing else from you ever.Tripp Allen [EMAIL PROTECTED] wrote: -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 2:14 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Thursday, October 26, 2006 4:21 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Remind me how we tell which release we are on. Mark Reimer IT System Admin American CareSource 972-308-6887 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 3:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
I suggest talking with the product manager, Kevin Gillis, about 8.15. The update for SMTPD I'm posting will ONLY work for 8.22. Tripp - Original Message - From: Dave Doherty To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 7:10 PM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp said they don't know. He didn't say they wouln't fix it. We now have confirmation from Robbie that 8.15 is vulnerable. So, over to you, Tripp. What are your plans? Upgrades to 8.22, or a new SMTPD32 for 8.15? Or will the new SMTPD work with 8.15? -Dave DohertySkywaves, Inc.508-425-7176[EMAIL PROTECTED] - Original Message - From: Beach Computers To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 4:54 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW So, let me make sure I have Ipswich's answer correctly. We don't know if 8.15 is affected, therefore if you are running it, good luck because we have no plan on giving you a fix. Did I miss anything? I sure hope so. Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Thursday, October 26, 2006 5:26 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 8.15 is vulnerable right now, I can personally confirm this. Two separate physical servers in separate places and unrelated IP space which I oversee were exploited on Monday and Wednesday (both were reported, with logs examples to techsupport). We have not been reluctant to maintain contracts (we have had contracts on both of these boxes all along) only to upgrade in a flurry of post 8.2 activity on the forum (and following some upgrade-related disasters on previous versions). We are looking into going straight from 8.15 to 2006 or to temporarily going to 8.22 to get this patch but would WILDLY prefer a patch for 8.15 to buy a little more time to do our upgrades right. I will ask for nothing else from you ever.Tripp Allen [EMAIL PROTECTED] wrote: -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp AllenSent: Thursday, October 26, 2006 2:14 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Thursday, October 26, 2006 4:21 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Remind me how we tell which release we are on. Mark Reimer IT System Admin American CareSource 972-308-6887
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp What about an update to 8.1x? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
I suggest talking with the product manager, Kevin Gillis, about 8.15. The update for SMTPD I'm posting will ONLY work for 8.22. I can definately tell you 8.15 has the problem Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi Darin, Can you share what the main issues are that you'd like to see resolved before upgrading to 2006.1? Chances are that others may share similar sentiments and we'd like to prioritize and address them. Bye for now, kg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, October 27, 2006 01:46 To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/