I believe that we are talking about two different things. I am not trying to set up any sort of special blocking. I am trying to evaluate the security patch that Microsoft came out with.

According to MS02-011 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-011.asp) there is some sort of a flaw in the way that Exchange 5.5 and W2K perform the check on who can relay and who cannot. I don't want to have to add a patch that is not needed. If this vulnerability only applies to a setup where relaying is allowed to authenticated users, then I should not need to apply it.

I appreciate any thoughts you may have,

John

----- Original Message -----
From: "Woodrick, Ed" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Tuesday, March 12, 2002 4:16 PM
Subject: RE: MS02-011

You are reading way too much into the functionality presented. It is not designed, nor necessarily desired, to do the level of blocking that you are requesting.

The concept is to allow for trusted users to relay through your server, mainly for POP3/IMAP4 use. In this case, a trusted user is one that can authenticate in your domain or has other characteristics, such as being on a specific subnet. If you have a user that has a domain account and is abusing rights by sending through a server that they should not be, then revoke the domain account.

I believe that I can answer for Microsoft along these lines: it isn't a bug and there will be no functionality modifications made to this code.

Although I haven't checked, I suspect that in Exchange 2000, you might be able to restrict the permissions on those who access the SMTP service, but I would not suggest doing it.

A) Give the users email
B) If they are smart enough to figure this out, give them an IT job with an Email account
C) If they can't follow rules, fire them

Both Exchange 5.5 and Exchange 2000 perform this function exactly as designed.

-----Original Message-----
From: JCMont [mailto:[EMAIL PROTECTED]]
Posted At: Tuesday, March 12, 2002 10:57 AM
Posted To: Microsoft Exchange
Conversation: MS02-011
Subject: MS02-011

I am rejoining this group after being gone for a while, so if I am asking something that has already been discussed I do apologize. I tried to search the archives but I did not see anything.

I had a question about security bulletin MS02-011 (mail relaying on an Exchange 5.5 server). From the FAQ section it says...

Before a user can make use of a mail service, they first must authenticate to the server. But even if this is done successfully, the mail services themselves should perform additional checking to ensure that it's appropriate to let the user access them. Neither the Windows 2000 SMTP service nor the Exchange Server 5.5 IMC perform this additional checking correctly. The result is that a user who could successfully authenticate to the server would always have the ability to use the mail services, even if it's not appropriate.

Does this mean that if Exchange is set up to relay mail and then set that it would only relay mail for authenticated users that this is vulnerable? Should I take it to mean that if Exchange is set up to not relay or only relay from certain IPs that it is not vulnerable?

I appreciate your input. I am trying to correctly evaluate the scope of this vulnerability.

Thank you.

John

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]

