Thread: Need Advice on MS Exchange

  1. #1
    thorin

    On a recent assessment I found Nessus pop 11852. Manually testing the SMTP service I was unable to recreate the issue Nessus was reporting (relay). However, I was able to connect via SMTP and send mail as someone from the company (i.e.: admin@example.com) to other people in the company (i.e.: bob.smith@example.com).

    Is there a way to configure Exchange so that if an email originates on a server from a "local" (or whatever you want to call it) user the sender needs to be authenticated to that server (or the AD)?

    Obviously everyone externally should be able to send to bob.smith@example.com (regular relay) but I need to prevent sending as admin@example.com or as Bob Smith himself to internal addresses.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  2. #2
    g3ksan

    Quote: Originally posted by thorin
    On a recent assessment I found Nessus pop 11852. Manually testing the SMTP service I was unable to recreate the issue Nessus was reporting (relay). However, I was able to connect via SMTP and send mail as someone from the company (i.e.: admin@example.com) to other people in the company (i.e.: bob.smith@example.com).

    Is there a way to configure Exchange so that if an email originates on a server from a "local" (or whatever you want to call it) user the sender needs to be authenticated to that server (or the AD)?

    Obviously everyone externally should be able to send to bob.smith@example.com (regular relay) but I need to prevent sending as admin@example.com or as Bob Smith himself to internal addresses.
    Exchange Server: Stop Spam From the Inside by Locking Down SMTP

    Basically you need to shut off anonymous access to the virtual SMTP server and enable Windows Authentication.
    This is the sixth time we have created a thread about it... and we have become exceedingly efficient at it.

  3. #3
    Good friend of the forums

    Zimbra ftw

  4. #4
    streaker69

    Quote: Originally posted by operat0r
    Zimbra ftw
    Completely useless post. He's talking about an installation that already exists and that needs to be configured properly. Changing out an enterprise's email server with something else is not within reason.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    thorin

    @g3ksan
    Thank you. I had tried searching for "Exchange ACL" and a few things like that but the results were far from user-friendly.

    @operat0r
    Thanks, but streaker hit the nail on the head. Recommending replacing complete parts of infrastructure that already exist just won't fly.

  6. #6
    g3ksan

    Quote: Originally posted by thorin
    @g3ksan
    Thank you. I had tried searching for "Exchange ACL" and a few things like that but the results were far from user-friendly.
    So you're golden? Luckily I was doing something similar on our Exchange server here so that users don't have to authenticate as "user@domain.local" when they logged into the web portal, so it was fresh on my mind.

  7. #7
    thorin

    Quote: Originally posted by g3ksan
    So you're golden?
    I think so.

    This is the recommendation I ended up making (their inbound and outbound servers are separate):
    Disable anonymous access to the SMTP server. Consult the following documents for further details.

    Exchange Server: Stop Spam From the Inside by Locking Down SMTP

    Controlling SMTP Relaying with Microsoft Exchange

    Create an SPF record establishing smtpout.example.com (xxx.xxx.xxx.xxx) as the only valid sender of @example.com email; configure Exchange on inbound servers to use SenderID (Sender ID Home Page).
    If that's not specific enough for them, hopefully it at least sends them in the right direction.
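How the SPF part of the recommendation in post #7 plays out on an inbound server that checks SPF, as an added example that is not part of the original thread: a small evaluator for a subset of RFC 7208 (`ip4`, `ip6`, `a:<host>`, `all`). The names `evaluate_spf`, `RECORD` and `DNS` are hypothetical, DNS lookups are replaced by a dictionary, and 192.0.2.25 is a constructed placeholder for the address the post elides.

```python
import ipaddress

# SPF qualifier prefix -> result name (RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, client_ip, a_records=None):
    """Evaluate an SPF TXT record for the connecting client_ip.
    Handles the ip4, ip6, a:<host> and all mechanisms. a_records maps
    hostname -> list of IP strings and stands in for live DNS lookups.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:  # modifiers (redirect=, exp=) are skipped here
            continue
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6") and arg:
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "a" and arg:
            hosts = (a_records or {}).get(arg.lower(), [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            return "permerror"  # mechanism outside the subset handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"

# Constructed sample data: 192.0.2.25 is a documentation address used in
# place of the smtpout.example.com address that the post elides.
RECORD = "v=spf1 a:smtpout.example.com -all"
DNS = {"smtpout.example.com": ["192.0.2.25"]}

def demo():
    return {
        "outbound relay": evaluate_spf(RECORD, "192.0.2.25", DNS),
        "any other host": evaluate_spf(RECORD, "198.51.100.7", DNS),
    }

if __name__ == "__main__":
    print(demo())
```

The `-all` term is what makes the outbound relay the only valid sender; with `~all` the same unlisted host would come back as `softfail`, which many receivers accept and only mark.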
