Slashdot Mirror


Mail Server Flaw Opens MS Exchange to Spam

bl8n8r writes: " Exchange 5.5 and 2000 can be used by spammers to send anonymous e-mail. He says even though software Microsoft provides on its site certifies that the server is secure, it's not. There are dozens of messages--with subject lines such as 'Open relay problem' and 'We are sending spam?'--on Microsoft's Exchange Administration newsgroup, sent by information system managers who haven't been able to staunch the flow of spam from their servers. 'It is really inexcusable for a company that claims security is its top priority,' he said." If you are using vulnerable versions of Exchange, and have been hit by a Code Red variant, you may want to ensure your 'guest' accounts are still disabled.

5 of 487 comments

  1. This Just In... by E-Rock · · Score: 5, Insightful

    Misconfigured servers are vulnerable to exploit allowing relaying. Film at 11.

    Granted, the bigger question is why is there a guest account at all, since you're not supposed to ever enable it.

  2. Read the fine article. by Anonymous Coward · · Score: 5, Insightful
    Please read the article. This is not a flaw in exchange, but a flaw in the server configuration. The feature is generally disabled but might have been enabled if the server in question had been infected with a virus.


    To put it bluntly: Administrators who do not secure servers after a virus infection are not the victims of a Microsoft security hole, but the cause of this particular problem.


    Quote: "The guest account is a way for administrators to let visitors use a mail server anonymously, but because of security issues, the feature is generally not enabled. Exchange servers that had been infected by the Code Red worm and subsequently cleaned will still have the guest account enabled, Greenspan said. "

    1. Re:Read the fine article. by NightSpots · · Score: 5, Insightful

      Then configure exchange not to allow the guest account to send email. Yes, you can set exchange to disallow sending email on a user by user level.

      Real exchange admins already know all this. The people being hit by this "vulnerability" are the same morons who got hit by Code Red. That should tell you something.

  3. Re:Actually not just MS by ldspartan · · Score: 5, Insightful

    Maybe you're confusing qmail with a poorly configured, non-DJB-endorsed SMTP AUTH layer?

    If that's not the case, well, what you're saying makes no sense.

  4. Re:Are you INSANE? by Cally · · Score: 5, Insightful
    > Find me a linux app that can parse sendmail logs and let me go through
    > and say "show me all of the messages sent through server x that were
    > to or from user y", and then print the results with "to", "from",
    > "subject", and delivery status?
    >

    *application*? You're joking, right? This is a shell one-liner ffs...


    $ grep serverIP logfile | grep userX | grep userY | awk '{print $2, $4, $6, $8}'



    - off the top of my head, and without sight of the logfile format, but that's roughly how you'd do it. And thanks to the power of the GPL, some nice people have actually written software to allow you to do this on Windows (namely, Cygwin) and it's available now, free of charge.


    You're welcome.

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
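Added example, not part of the comment above: sendmail logs the `from=` and `to=` of a message on separate lines that share a queue ID, so this sketch joins them on that ID before filtering by user and by the submitting relay's IP. The function names `mail_trace` and `sample_log` are hypothetical, and the log lines are constructed sample data in the usual sendmail syslog layout.

```shell
#!/bin/sh
# Constructed sample log (documentation addresses only).
sample_log() {
cat <<'EOF'
Aug 12 10:15:01 mx1 sendmail[2101]: g7CAF1a02101: from=<alice@example.com>, size=1204, class=0, nrcpts=1, proto=ESMTP, relay=client.example.com [192.0.2.10]
Aug 12 10:15:02 mx1 sendmail[2103]: g7CAF1a02101: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mail.example.org. [198.51.100.5], stat=Sent (OK)
Aug 12 10:16:40 mx1 sendmail[2110]: g7CAGea02110: from=<carol@example.net>, size=880, class=0, nrcpts=1, proto=ESMTP, relay=other.example.net [203.0.113.7]
Aug 12 10:16:41 mx1 sendmail[2112]: g7CAGea02110: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mail.example.org. [198.51.100.5], stat=Sent (OK)
Aug 12 10:17:05 mx1 sendmail[2120]: g7CAH5a02120: from=<bob@example.org>, size=512, class=0, nrcpts=1, proto=ESMTP, relay=client.example.com [192.0.2.10]
Aug 12 10:17:09 mx1 sendmail[2122]: g7CAH5a02120: to=<dave@example.com>, delay=00:00:04, mailer=esmtp, relay=mail.example.com. [192.0.2.25], stat=Deferred: Connection timed out
EOF
}

# mail_trace USER RELAY_IP < maillog
# Prints queue ID, sender, recipient and delivery status for every message
# to or from USER that was handed in by RELAY_IP (relay= on the from line).
# Subject is not present in these log lines, so it is not reported.
mail_trace() {
    awk -v user="$1" -v relay="$2" '
    # Return the value of key= from the comma-separated record in "rest".
    function field(key,   i, n, parts) {
        n = split(rest, parts, ", ")
        for (i = 1; i <= n; i++)
            if (index(parts[i], key "=") == 1)
                return substr(parts[i], length(key) + 2)
        return ""
    }
    {
        qid = $6; sub(/:$/, "", qid)                    # queue ID joins the lines
        rest = substr($0, index($0, $6) + length($6) + 1)
    }
    rest ~ /^from=/ { from[qid] = field("from"); src[qid] = field("relay"); next }
    rest ~ /^to=/ {
        to = field("to")
        stat = rest; sub(/.*stat=/, "", stat)           # stat= is last, may hold commas
        if (index(src[qid], "[" relay "]") &&
            (index(from[qid], user) || index(to, user)))
            printf "%s from=%s to=%s stat=%s\n", qid, from[qid], to, stat
    }'
}

sample_log | mail_trace bob@example.org 192.0.2.10
```

A recipient line whose matching `from=` line is missing (for example after log rotation) is skipped, because the submitting relay is unknown.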