On Sun, 2 Dec 2001 12:18:05 -0800
"Mark L. Jackson" <[EMAIL PROTECTED]> wrote:
> > > > I got about thirty employees outside the office that access our
> > > > exchange server through IMAP to get their email. Relaying was left
> > > > open so that it is possible for them to send out through our email
> > > > server regardless of how they are connected through the internet.
>
> bad idea.
>
>
> > > > Well, seems someone is using my email server for spamming purposes.
>
> no shock there.
>
> > > > Ummm... So I did everything i'm supposed to do in the virtual SMTP
> > > > properties. i tried to deny relay access from the hotmail.com and
> > > > yahoo.com domains. that doesn't work, i tired to disable anonymous
>
> I doubt your mail is coming from those domains. Might be going TO them.
>
> Do you have MTA message tracking? That will tell you where the MTA is
> sending email. (NOTE: I am not referring to mail tracking the MESSAGE
> STOREs)
>
> > > > authentication in the acess tabs, but this prevents anyone from
> > > > sending. SUpport tells me i should enable a password authentication
> > > > on the outgoing server. Did that, and it rejects the password. Tried
> > > > only basic authentication, nope. Tried every combination of basic,
> > > > integrated, and anonymous authentication. Nope. It either allows
> > > > everyone to relay or no one to send. On the relay tab, i tried grant
> > > > relay to only the list below and left the list empty but checked
> > > > "Allow all computers who authenticate to relay, regardless of list
> > > > above" this doesn't work- no one can send.
> > > >
> > > > Am i making sense here? Please ask me to be more specific if i am not
> > > > making any sense because i do not wanna call micro$oft.
>
> A few options:
> 1) Citrix server - my guess is you don't want to set this up or pay for
> it, and you don't have the time. I'll skip it.
>
> 2) OWA - Outlook web access. This requires a proxy (works best with MS
> Proxy or ISA,) and a web server (IIS is built for this. This is the
> easiest and keeps control server side. It does open up security issues,
> as this is passed over port 80.
>
> 3) NTLM - Have your people log into your domain BEFORE they try to access
> your email server.
>
> Then reset your server to deny all relaying.
>
> My guess is that they directly accessing your system similar to the
> below. They probably have an automated program doing it.
>
> ex: at a command line
> c:\ telnet xxx.xxx.xxx.xxx 110
>
> you should get something like this:
> +OK Microsoft Exchange POP3 server version 5.5.2653.23 ready
>
> You can also connect to port 25, if your proxy or firewall does not block
> it.
>
One of our clients got around this problem by making users VPN or RAS into the network
to get their mail, thus making it easy in that odd way. You just give them PDA's or
Laptops. Providing that you have these resources.
--
--
----
Enphourell Security
[EMAIL PROTECTED]
www.enphourell.com
---------------------------------------------------------------------------------------------------------------------------
Content of this electronic message is intended only for the persons and/or entity
to which it is addressed. It may
contain confidential and/or priviliged material. If persons other than the
intended recipient(s) should come into
possession of this electronic message, he/she will not be entitled to read,
disseminate, disclose or duplicate it.
---------------------------------------------------------------------------------------------------------------------------
