[Dshield] New Relay Exploit?

Chris Brenton cbrenton at chrisbrenton.org
Tue Jan 6 23:11:06 GMT 2004


On Tue, 2004-01-06 at 17:27, Sue Young wrote:
>
> In the past few days, someone has been able to relay through my site, even
> though whenever I test it from the abuse.net website, relaying
> seems to be blocked correctly. 

Based on your e-mail headers, it looks like you are running Exchange
5.5. There is a known bug with the SMTP MTA that allows people to spam
mail through your server. I believe it has to do with the guest account.
I also seem to remember its something that MS can't/will not fix so you
need to put an SMTP relay in front of the box to lock it down. 

A Google search should give you more answers. 

Have a nice day,
Chris





More information about the list mailing list