Announcement

Collapse
No announcement yet.

Relay פתוח בExchange 2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Relay פתוח בExchange 2003

    למרות שסגרתי את הריליי לשליחה של יוזרים של המערכת - ממשיכים ספאמרים לשלוח דרכי ספאמים.
    מה יכולה להיות דרך הכניסה שלהם, בדקתי בMetaBase של ה-IIS ולא מצאתי שום הגדרה שפותחת את הריליי (בעבר כבר מצאתי פירצה שם וסגרתי אותה -RelayIpList )
    הבעיה התחילה לאחר ששידרגתי מ2000- ל 2003 האם יש קשר?
    אגב - התקנתי SP1 על ה2003 כי חשבתי שזה יפתור את זה אבל זה לא
    תודה רבה מראש

    רני

  • #2
    In English please.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Daniel,
      Aren't you Israeli?
      Is there is any problem to submit issues here in Hebrew?
      Thanks

      Comment


      • #4
        Originally posted by pascal1
        Daniel,
        Aren't you Israeli?
        Is there is any problem to submit issues here in Hebrew?
        Thanks
        Its about standardization. Perhaps you should read the forum rules and guidelines - http://forums.petri.com/viewtopic.php?t=1228

        Originally posted by Forum rules and guidelines
        Please do not post hacking/cracking questions here.

        Please do not ask for License Keys (sorry if you "lost yours").

        Please please please try and use a brain when asking a question. Nobody in the world can help you if you don't explain yourself. A few sentences will probably get you a reply of a few words.

        Please use ENGLISH as the only language here.

        Please utilize Daniel's site http://petri.com see if your question has already been answered by one of Daniel's excellent walkthroughs.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Exactly, thanks Ahinson. It's not about what language I speak, it's all about the community we're trying to build. You want to talk to me in Hebrew? Please post your questions on the Microsoft-Israel forums, there I usually answer in the Exchange forum.
          Cheers,

          Daniel Petri
          Microsoft Most Valuable Professional - Active Directory Directory Services
          MCSA/E, MCTS, MCITP, MCT

          Comment


          • #6
            and.....

            there also people from other countries which they possible can help you..
            so more advantage about support....

            if daniel doesn't know the answer then maby someone else from a non-hebrew country does..
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              So, what is the point of asking me, when I registered, what laguage my board would be?

              Comment


              • #8
                Anyway , my question was:
                What are all the possibilities of open relay?
                I have limited the relay to be used by my users ONLY and I checked the IIS MetaBase registry that no other user defined there, but spammers are still sending spam mail through my server
                How can it be?
                It started when I upgrade the Exchange server to 2003 - from 2000, any connection to the upgrade (new feature that I dont know?)
                I can see the spammer on the SMTP Current Sessions , but I only can see the machine name of him - In Exchange 2000 I use to see the user name that sending through the relay, is there is any way to see the user name instead of the machine name?

                Thank you very much

                Comment


                • #9
                  By default Integrate Windows Authentication is enabled, unfortunately by enabling "Allow all computers which successfully authenticate to relay, regardless of the list above" you're giving a potential spammer the ability to use brute force password cracking techniques against your server's built in accounts (everyone knows the built-in user names so they only need to guess the password). Once compromised - let the spamming begin (watch your outbound queue). Read the article for some tips.

                  I suggest that you not enable relay unless you absolutely need it. If you do need it, create a group specifically for this purpose. Also, evaluate relay on a per user basis and add users to this special purpose group to allow access. Within Exchange allow relay to the group you've create only, this should help limit the ability for someone to attempt to crack built-in account passwords.

                  You could alternatively turn off Integrated Windows Authentication, but if you're replicating your Exchange database to multiple servers it can cause problems. (You'll see items in the event log with Exchange xexch50 protocol errors)


                  Remember:

                  Relay is unnecessary for OWA and for the normal funcationality of Exchange, its only real use is for POP3 users who use an ISP with no SMTP mail server. Which isn't likely these days.

                  http://www.winnetmag.com/MicrosoftEx...ook_40507.html
                  Andrew

                  ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                  Comment

                  Working...
                  X