I'm gonna comment on this one again. This type of vulnerability should only be an issue if your Guest account is enabled. You HAVE to leave anonymous access on if you want other mail systems to communicate with you. If you have POP3 and/or IMAP clients, you must leave the box checked to "allow all computers which successfully relay...". I have never seen a case where the server truly was an open relay with these settings.
If your configuration was like this, then likely what happened is one of your accounts was compromised. Exchange WILL NOT relay with those settings unless you successfully authenticate, such as you do when you specify that the outgoing smtp server requires authentication. Also, if this is the case, it is NOT a case where you were an open relay, it is a case where an account was compromised and allowed to relay off the server. Configuring user accounts with strong passwords, and configuring them to lock out after x number of unsuccessful logins should mitigate any risk of SMTP Auth attacks, aside from a user revealing their password.

Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418

-----Original Message-----
From: Wohlgemuth, Mike [mailto:[EMAIL PROTECTED]
Posted At: Thursday, December 18, 2003 11:23 AM
Posted To: Exchange (Swynk)
Conversation: Open Relay/Spamcop
Subject: RE: Open Relay/Spamcop

I concur with Greg ... our server had those settings and we were being used as a relay ... turned off "Allow all computers which successfully authenticate to relay, regardless of the list above." and that stopped it ...

Mike

-----Original Message-----
From: Greg Deckler [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 11:17 AM
To: Exchange Discussions
Subject: Re: Open Relay/Spamcop

This may or may not be the problem, but I have seen spammers able to relay off an Exchange server if the following configuration applies:

1. If "Anonymous access" is turned on. SMTP Virtual Server properties, Access page, Authentication.
2. And, "Allow all computers which successfully authenticate to relay, regardless of the list above." is checked. SMTP Virtual Server properties, Access page, Relay.

> Hello All and Happy Holidays!
>
> I have a colleague whose Exchange 2000 server is being reported as Open
> Relay by spamcop for the past month.
> I have tested his relay by
> setting up a POP account in Outlook, putting the server that is being
> reported as Open relay as my Outgoing SMTP server.
>
> When I try to send a message using Outlook, I get a return message that
> 550 5.7.1 Unable to relay. I am relieved that it could not relay.
> That is good, however, why then is spamcop still reporting it to be
> open relay?
>
> I have checked (over the phone) all his Virtual SMTP Server settings
> to verify correct configuration. Everything seems to be "checked" or
> "unchecked" as recommended by Microsoft.
>
> We have Stopped/Started Services for SMTP
>
> The Exchange 2000 server is behind a NAT and I have looked into the
> possibility of this. I have been out on the spamcop site and for the
> life of me cannot find a way to make them check the server again to
> see if it is closed relay like ORDB does.
>
> Any ideas or comments????
>
> Samantha Bridges
> Communications Technician
> Macomb Intermediate School District
> 44001 Garfield Road
> Clinton Township MI 48038-1100
> (586) 228-3300
>
> [EMAIL PROTECTED]
> http://www.misd.net
>
> CONFIDENTIALITY NOTICE: This email message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply email and destroy all
> copies of the original message.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]