[Dshield] New Relay Exploit?
security at admin.fulgan.com
Wed Jan 7 10:56:09 GMT 2004
SY> I'm on Exchange 5.5 SP4 running on Win2k SP4. I think I have all Exchange
SY> hotfixes available. I recently
SY> rebuilt the server and patched it to the hilt - there haven't been any major
SY> releases since I rebuilt it.
Check your SMTP log: that's where the truth is. First, make sure SMTP
is set to full loging. Then wait a bit to catch a few messages and
then have a look at the log. My bet is that you have a weak
username/password combo on your server and that it's being exploted.
if you see stange AUTH requests in SMTP, then use a base-64 decoder to
isolate what username/password has a problem.
Stephane mailto:security at admin.fulgan.com
More information about the list