• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

SMTP Exploits

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
pmidwest
Just Arrived
Just Arrived


Joined: 11 Dec 2002
Posts: 0


Offline

PostPosted: Wed Dec 11, 2002 10:35 pm    Post subject: SMTP Exploits Reply with quote

Dose anyone have or know where I can get info on securing port 25?
And or Microsoft Exchange 5.5?

In an earlier post I found this...

Quote:
SMTP servers (esp. sendmail) are one of the favorite ways to break into systems because they must be exposed to the Internet as a whole and e-mail routing is complex (complexity + exposure = vulnerability).


And I would like to get any info I can to point me in the right direction to getting this port as tight as possible.

Any help would be greatly appreciated.

Thanks in advance.

Paul

Rolling Eyes
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Dec 12, 2002 12:09 am    Post subject: Reply with quote

Well I tend to keep 25 totally blocked and only allow internal hosts to use the SMTP server, if you have to give external mail access give it using SSL web-mail or if you must POP3.

If you really need to give external access to port 25 make sure whatever you are running is totally patched and up to date, preferably IP mask it to the ranges that need to use it.

If not authentication will do, or it will be an open relay.

Keep the mail server in a DMZ if you plan to give external access aswell.
Back to top
View user's profile Send private message Visit poster's website
pmidwest
Just Arrived
Just Arrived


Joined: 11 Dec 2002
Posts: 0


Offline

PostPosted: Thu Dec 12, 2002 12:17 am    Post subject: Reply with quote

Up until recently our parent company has ran the mail server for everyone and now we are setting up our own mail server. Now the IT manager assigned me to research this and get him any info that could result in our servers being insecure because of the change. I believe we have to use SMTP (25) because of Outlook 5.5? But you suggest just patching it up with everything Microsoft offers for it?

Anything else that we could do to keep it secure?

Thanks again

Paul
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Dec 12, 2002 12:20 am    Post subject: Reply with quote

Yeh but do you need to give access to the SMTP server over the Internet? That's not normal.

Every ISP provides you with an IP masked SMTP server for use while you are online with them.

That's what most people use.

You only need SMTP to relay to your ISP's smart host from your Internal network right?

And yeh patch to the max, if you are really worried about security don't use exchange, grab a copy of BSD or Slackware and stick Exim on there Very Happy
Back to top
View user's profile Send private message Visit poster's website
pmidwest
Just Arrived
Just Arrived


Joined: 11 Dec 2002
Posts: 0


Offline

PostPosted: Thu Dec 12, 2002 12:26 am    Post subject: Reply with quote

I'm not too sure about any of this. I dont know the first thing about mail servers. could you explane in a little more detail? If you have time that is

Thanks

Paul
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Dec 12, 2002 12:32 am    Post subject: Reply with quote

pmidwest wrote:
I'm not too sure about any of this. I dont know the first thing about mail servers. could you explane in a little more detail? If you have time that is


Heh, no offence but why did your boss ask you to do this?

If you find out some more info about the situation, perhaps read a little about e-mail servers, how they work, what you require and how your e-mail server is going to work you will be better equipped to ask questions.

When you have a clear idea of what you need and any problems the situation may cause please post back.

Cheers!
Back to top
View user's profile Send private message Visit poster's website
pmidwest
Just Arrived
Just Arrived


Joined: 11 Dec 2002
Posts: 0


Offline

PostPosted: Thu Dec 12, 2002 12:57 am    Post subject: Reply with quote

Yeah I know... but I've been searching the net all day and havent come across anything about the isp providing an IP masked SMTP. You got me all excited... I thought I was getting some where and then you shot me down Hehe... but its all good. I understand where your coming from. I'll just keep looking around

Thanks

Paul
Back to top
View user's profile Send private message
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Dec 12, 2002 1:04 am    Post subject: Reply with quote

Well just find out from your boss what you need.

I'll give you an example..

Say I'm at home using dialupisp.com for my Internet access, even if I want to send mail from my work account I wont send via mail.work.com I'll send via smtp.dialupisp.com.

Every ISP provides SMTP access for it's users.

Generally you don't need to give external SMTP access, only POP3.

Keep reading Very Happy
Back to top
View user's profile Send private message Visit poster's website
SecWiz
Just Arrived
Just Arrived


Joined: 03 Dec 2002
Posts: 0


Offline

PostPosted: Thu Dec 12, 2002 12:34 pm    Post subject: SMTP and port 25 Reply with quote

Hi Paul,

From what I can gather from the previous posts you are trying to set up your own mail server.

You will have to open port 25 to give access to the Exchange server. How else are you going to receive mail.

Yes, you can have an ISP "mailbag" your mail, but you still need to retrieve it. This was a popular solution for dialup connections. (or as a secondary host incase your primary server goes down)

You can't use authentication for SMTP, except if you collect mail from your ISP

Hope this makes sense,
Back to top
View user's profile Send private message Visit poster's website
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Dec 12, 2002 12:43 pm    Post subject: Reply with quote

Well yeh if you are setting the MX records for the domain to the IP of the Exchange box.

Not sure what the plan is though.

I'm sure Paul will enlighten us a little more Smile

We still use a catch all POP box at the ISP end and retreive from there and send via a smart host.

Trying to replace it with something *nix based that doesn't require 300MB of memory to run Very Happy
Back to top
View user's profile Send private message Visit poster's website
pmidwest
Just Arrived
Just Arrived


Joined: 11 Dec 2002
Posts: 0


Offline

PostPosted: Thu Dec 12, 2002 4:40 pm    Post subject: Reply with quote

You guys have been alot of help and I thank you.
I shared some of the info you gave me with my boss and from that we came up with a plan. I asked him if he had a book on Exchange and he said no but he was going to pick one up for me so I'm gunna be learning as much as I can with in the weeks to come and I will be able to ask some more questions with out sounding like a total retard. Wink
Thank you again

Paul

PS. I'll be back Rolling Eyes
Back to top
View user's profile Send private message
INFOSECNYC
Just Arrived
Just Arrived


Joined: 16 Oct 2002
Posts: 0
Location: Earth

Offline

PostPosted: Thu Dec 19, 2002 10:16 pm    Post subject: Reply with quote

Try this link: MS Exchange Server Internet Connectivity and Security

Heres another: MS Exchange Server Security

And another: Securing Microsoft Exchange 5.5


Hope it helps! Wink
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register