Friday, 25 December 2009

Exchange 2007 - Auth SMTP Spam Relay

If you have Authenticated SMTP enabled on the Exchange receive connector - there is the chance that the system can be used to crack user passwords and then to relay Spam through the server using a compromised user account.

To disable:

EMC > Server Config > Hub Trans > Receive Connectors
Open the properties for the Default receive connector - Authentication tab
Uncheck everything (Except Exchange Authentication if you need other servers to relay mail through this server)
On the Permission Groups tab
Uncheck everything except for Anonymous users (and Exchange Servers if other servers are relaying through this server).

This will cause the SMTP server to disallow authenticated SMTP and make it impossible to carry out this kind of attack.

No comments:

Post a Comment