[Dshield] New Relay Exploit?

Stephane Grobety security at admin.fulgan.com
Wed Jan 7 10:56:09 GMT 2004

SY> I'm on Exchange 5.5 SP4 running on Win2k SP4. I think I have all Exchange
SY> hotfixes available.  I recently
SY> rebuilt the server and patched it to the hilt - there haven't been any major
SY> releases since I rebuilt it.

Check your SMTP log: that's where the truth is. First, make sure SMTP
is set to full logging. Then wait a bit to catch a few messages and
then have a look at the log. My bet is that you have a weak
username/password combo on your server and that it's being exploited.
If you see strange AUTH requests in SMTP, then use a base-64 decoder to
isolate what username/password has a problem.

Good luck,

Best regards,
 Stephane                            mailto:security at admin.fulgan.com
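
The log check described in this reply, as an added example that is not part of the original message: a Python sketch that decodes base64 AUTH LOGIN / AUTH PLAIN exchanges and reports which account the server accepted. The `<client-ip> C:/S:` line layout, the addresses and the credentials are constructed assumptions; adapt the parsing to your server's actual SMTP log format.

```python
import base64
from collections import Counter

# Constructed sample in a generic "<client-ip> <C:|S:> <text>" layout (not a real Exchange log).
SAMPLE_LOG = """\
203.0.113.7 C: EHLO mail
203.0.113.7 C: AUTH LOGIN
203.0.113.7 S: 334 VXNlcm5hbWU6
203.0.113.7 C: YmFja3Vw
203.0.113.7 S: 334 UGFzc3dvcmQ6
203.0.113.7 C: YmFja3Vw
203.0.113.7 S: 235 Authentication successful
198.51.100.9 C: AUTH PLAIN AHRlc3QAdGVzdDEyMw==
198.51.100.9 S: 535 Authentication failed
"""

def b64(token):
    """Decode one base64 token; return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def auth_attempts(log):
    """Return (client, username, password_equals_username, reply_code) per AUTH attempt."""
    pending, results = {}, []          # pending: client -> decoded [user, password]
    for line in log.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        client, side, text = parts
        words = text.split()
        if side == "C:" and len(words) >= 2 and words[0].upper() == "AUTH":
            mech = words[1].upper()
            blob = b64(words[2]) if len(words) > 2 else None
            if mech == "PLAIN" and blob is not None:
                pending[client] = blob.split("\0")[1:3]   # drop the authzid field
            elif mech == "LOGIN":
                pending[client] = [blob] if blob is not None else []
        elif side == "C:" and client in pending and len(pending[client]) < 2:
            pending[client].append(b64(text.strip()))     # username, then password
        elif side == "S:" and client in pending and not text.startswith("334"):
            user, pw = (pending.pop(client) + [None, None])[:2]
            # The password itself is never returned, only whether it equals the username.
            results.append((client, user, user is not None and user == pw, text[:3]))
    return results

def accepted_accounts(log):
    """Count accepted (235) logins per username: the accounts to reset first."""
    return Counter(user for _, user, _, code in auth_attempts(log) if code == "235")
```

An account that appears in `accepted_accounts` for a client you do not recognise is the one to disable or give a new password before looking further.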

