SMTP Exploits

Networking/Security Forums -> Exploits // System Weaknesses

Author: pmidwest PostPosted: Wed Dec 11, 2002 10:35 pm    Post subject: SMTP Exploits
    ----
Dose anyone have or know where I can get info on securing port 25?
And or Microsoft Exchange 5.5?

In an earlier post I found this...

Quote:
SMTP servers (esp. sendmail) are one of the favorite ways to break into systems because they must be exposed to the Internet as a whole and e-mail routing is complex (complexity + exposure = vulnerability).


And I would like to get any info I can to point me in the right direction to getting this port as tight as possible.

Any help would be greatly appreciated.

Thanks in advance.

Paul

Rolling Eyes

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Thu Dec 12, 2002 12:09 am    Post subject:
    ----
Well I tend to keep 25 totally blocked and only allow internal hosts to use the SMTP server, if you have to give external mail access give it using SSL web-mail or if you must POP3.

If you really need to give external access to port 25 make sure whatever you are running is totally patched and up to date, preferably IP mask it to the ranges that need to use it.

If not authentication will do, or it will be an open relay.

Keep the mail server in a DMZ if you plan to give external access aswell.

Author: pmidwest PostPosted: Thu Dec 12, 2002 12:17 am    Post subject:
    ----
Up until recently our parent company has ran the mail server for everyone and now we are setting up our own mail server. Now the IT manager assigned me to research this and get him any info that could result in our servers being insecure because of the change. I believe we have to use SMTP (25) because of Outlook 5.5? But you suggest just patching it up with everything Microsoft offers for it?

Anything else that we could do to keep it secure?

Thanks again

Paul

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Thu Dec 12, 2002 12:20 am    Post subject:
    ----
Yeh but do you need to give access to the SMTP server over the Internet? That's not normal.

Every ISP provides you with an IP masked SMTP server for use while you are online with them.

That's what most people use.

You only need SMTP to relay to your ISP's smart host from your Internal network right?

And yeh patch to the max, if you are really worried about security don't use exchange, grab a copy of BSD or Slackware and stick Exim on there Very Happy

Author: pmidwest PostPosted: Thu Dec 12, 2002 12:26 am    Post subject:
    ----
I'm not too sure about any of this. I dont know the first thing about mail servers. could you explane in a little more detail? If you have time that is

Thanks

Paul

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Thu Dec 12, 2002 12:32 am    Post subject:
    ----
pmidwest wrote:
I'm not too sure about any of this. I dont know the first thing about mail servers. could you explane in a little more detail? If you have time that is


Heh, no offence but why did your boss ask you to do this?

If you find out some more info about the situation, perhaps read a little about e-mail servers, how they work, what you require and how your e-mail server is going to work you will be better equipped to ask questions.

When you have a clear idea of what you need and any problems the situation may cause please post back.

Cheers!

Author: pmidwest PostPosted: Thu Dec 12, 2002 12:57 am    Post subject:
    ----
Yeah I know... but I've been searching the net all day and havent come across anything about the isp providing an IP masked SMTP. You got me all excited... I thought I was getting some where and then you shot me down Hehe... but its all good. I understand where your coming from. I'll just keep looking around

Thanks

Paul

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Thu Dec 12, 2002 1:04 am    Post subject:
    ----
Well just find out from your boss what you need.

I'll give you an example..

Say I'm at home using dialupisp.com for my Internet access, even if I want to send mail from my work account I wont send via mail.work.com I'll send via smtp.dialupisp.com.

Every ISP provides SMTP access for it's users.

Generally you don't need to give external SMTP access, only POP3.

Keep reading Very Happy

Author: SecWiz PostPosted: Thu Dec 12, 2002 12:34 pm    Post subject: SMTP and port 25
    ----
Hi Paul,

From what I can gather from the previous posts you are trying to set up your own mail server.

You will have to open port 25 to give access to the Exchange server. How else are you going to receive mail.

Yes, you can have an ISP "mailbag" your mail, but you still need to retrieve it. This was a popular solution for dialup connections. (or as a secondary host incase your primary server goes down)

You can't use authentication for SMTP, except if you collect mail from your ISP

Hope this makes sense,

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Thu Dec 12, 2002 12:43 pm    Post subject:
    ----
Well yeh if you are setting the MX records for the domain to the IP of the Exchange box.

Not sure what the plan is though.

I'm sure Paul will enlighten us a little more Smile

We still use a catch all POP box at the ISP end and retreive from there and send via a smart host.

Trying to replace it with something *nix based that doesn't require 300MB of memory to run Very Happy

Author: pmidwest PostPosted: Thu Dec 12, 2002 4:40 pm    Post subject:
    ----
You guys have been alot of help and I thank you.
I shared some of the info you gave me with my boss and from that we came up with a plan. I asked him if he had a book on Exchange and he said no but he was going to pick one up for me so I'm gunna be learning as much as I can with in the weeks to come and I will be able to ask some more questions with out sounding like a total retard. Wink
Thank you again

Paul

PS. I'll be back Rolling Eyes

Author: INFOSECNYCLocation: Earth PostPosted: Thu Dec 19, 2002 10:16 pm    Post subject:
    ----
Try this link: MS Exchange Server Internet Connectivity and Security

Heres another: MS Exchange Server Security

And another: Securing Microsoft Exchange 5.5


Hope it helps! Wink



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group