New relay problem

TheMSsForum.com: The Microsoft Software Forum

Hey All,
Someone posted last week about a new technique used by spammers. I clicked
on the link and got the wonderful "page cannot be displayed"".

Does anyone have the link or an alternate...???

tia
Top

Re: New relay problem by Javier

Javier
Mon Jul 21 07:37:57 CDT 2003

Buzz,

Wayne Site:
http://shorterlink.com/?OFH1FF

Vamsoft:
http://www.vamsoft.com/orf/authattack.asp

Is that is?

-Javier

"Buzz Lightyear" <squeaker123@hotmail.com> wrote in message
news:OQTwpO4TDHA.212@TK2MSFTNGP10.phx.gbl...
> Hey All,
> Someone posted last week about a new technique used by spammers. I
clicked
> on the link and got the wonderful "page cannot be displayed"".
>
> Does anyone have the link or an alternate...???
>
> tia
>
>


Top

Re: New relay problem by Javier

Javier
Mon Jul 21 07:49:08 CDT 2003

Ok... that was a fast response!!!

4 minutes before you posted your question !!!

:-)


"Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in message
news:uOWWrT4TDHA.3188@tk2msftngp13.phx.gbl...
> Buzz,
>
> Wayne Site:
> http://shorterlink.com/?OFH1FF
>
> Vamsoft:
> http://www.vamsoft.com/orf/authattack.asp
>
> Is that is?
>
> -Javier
>
> "Buzz Lightyear" <squeaker123@hotmail.com> wrote in message
> news:OQTwpO4TDHA.212@TK2MSFTNGP10.phx.gbl...
> > Hey All,
> > Someone posted last week about a new technique used by spammers. I
> clicked
> > on the link and got the wonderful "page cannot be displayed"".
> >
> > Does anyone have the link or an alternate...???
> >
> > tia
> >
> >
>
>


Top

Re: New relay problem by Buzz

Buzz
Mon Jul 21 09:37:22 CDT 2003

Thanks!

Weak passwords....guest account....I was hoping for something a bit more
exciting...


"Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in message
news:O5k36Z4TDHA.3024@tk2msftngp13.phx.gbl...
> Ok... that was a fast response!!!
>
> 4 minutes before you posted your question !!!
>
> :-)
>
>
> "Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in
message
> news:uOWWrT4TDHA.3188@tk2msftngp13.phx.gbl...
> > Buzz,
> >
> > Wayne Site:
> > http://shorterlink.com/?OFH1FF
> >
> > Vamsoft:
> > http://www.vamsoft.com/orf/authattack.asp
> >
> > Is that is?
> >
> > -Javier
> >
> > "Buzz Lightyear" <squeaker123@hotmail.com> wrote in message
> > news:OQTwpO4TDHA.212@TK2MSFTNGP10.phx.gbl...
> > > Hey All,
> > > Someone posted last week about a new technique used by spammers. I
> > clicked
> > > on the link and got the wonderful "page cannot be displayed"".
> > >
> > > Does anyone have the link or an alternate...???
> > >
> > > tia
> > >
> > >
> >
> >
>
>


Top

Re: New relay problem by Frank

Frank
Mon Jul 21 18:03:16 CDT 2003

Ok Buzz.....

How about the Pre-windows 2K authentication with the anonymous user
problems that could probably be exploited in the same manner or at least
allow someone to tiptoe through the Tulips of YOUR Network??

If your not aware of these issues and there ajoining caveats then you should
be fairly concerned.


Frank Clark


On 21-Jul-2003, "Buzz Lightyear" <squeaker123@hotmail.com>, spat forth
48 lines on "Re: New relay problem":

> Thanks!
>
> Weak passwords....guest account....I was hoping for something a bit more
> exciting...
>
>
> "Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in
> message
> news:O5k36Z4TDHA.3024@tk2msftngp13.phx.gbl...
> > Ok... that was a fast response!!!
> >
> > 4 minutes before you posted your question !!!
> >
> > :-)
> >
> >
> > "Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in
> message
> > news:uOWWrT4TDHA.3188@tk2msftngp13.phx.gbl...
> > > Buzz,
> > >
> > > Wayne Site:
> > > http://shorterlink.com/?OFH1FF
> > >
> > > Vamsoft:
> > > http://www.vamsoft.com/orf/authattack.asp
> > >
> > > Is that is?
> > >
> > > -Javier
> > >
> > > "Buzz Lightyear" <squeaker123@hotmail.com> wrote in message
> > > news:OQTwpO4TDHA.212@TK2MSFTNGP10.phx.gbl...
> > > > Hey All,
> > > > Someone posted last week about a new technique used by spammers. I
> > > clicked
> > > > on the link and got the wonderful "page cannot be displayed"".
> > > >
> > > > Does anyone have the link or an alternate...???
> > > >
> > > > tia
> > > >
> > > >
> > >
> > >
> >
> >
Top

Re: New relay problem by Buzz

Buzz
Mon Jul 21 20:13:58 CDT 2003

<ouch>

no offense intended....
"Frank Clark" <Frank@designs-by-design.net> wrote in message
news:OIehnu9TDHA.2180@TK2MSFTNGP10.phx.gbl...
> Ok Buzz.....
>
> How about the Pre-windows 2K authentication with the anonymous user
> problems that could probably be exploited in the same manner or at least
> allow someone to tiptoe through the Tulips of YOUR Network??
>
> If your not aware of these issues and there ajoining caveats then you
should
> be fairly concerned.
>
>
> Frank Clark
>
>
> On 21-Jul-2003, "Buzz Lightyear" <squeaker123@hotmail.com>, spat forth
> 48 lines on "Re: New relay problem":
>
> > Thanks!
> >
> > Weak passwords....guest account....I was hoping for something a bit more
> > exciting...
> >
> >
> > "Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in
> > message
> > news:O5k36Z4TDHA.3024@tk2msftngp13.phx.gbl...
> > > Ok... that was a fast response!!!
> > >
> > > 4 minutes before you posted your question !!!
> > >
> > > :-)
> > >
> > >
> > > "Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in
> > message
> > > news:uOWWrT4TDHA.3188@tk2msftngp13.phx.gbl...
> > > > Buzz,
> > > >
> > > > Wayne Site:
> > > > http://shorterlink.com/?OFH1FF
> > > >
> > > > Vamsoft:
> > > > http://www.vamsoft.com/orf/authattack.asp
> > > >
> > > > Is that is?
> > > >
> > > > -Javier
> > > >
> > > > "Buzz Lightyear" <squeaker123@hotmail.com> wrote in message
> > > > news:OQTwpO4TDHA.212@TK2MSFTNGP10.phx.gbl...
> > > > > Hey All,
> > > > > Someone posted last week about a new technique used by spammers.
I
> > > > clicked
> > > > > on the link and got the wonderful "page cannot be displayed"".
> > > > >
> > > > > Does anyone have the link or an alternate...???
> > > > >
> > > > > tia
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >


Top

Re: New relay problem by Javier

Javier
Tue Jul 22 07:08:41 CDT 2003

Kathy,

> a) do I need an incoming port 25 filter in ISA? If I change it, will POP3
> still work? I'd really like to close 25 completely as badmail fills up
with
> NDRs from ISPs open relay tests.

You can close port 25 and 110 inbound.

> b) If I wanted to restrict relaying by IP address, would the POP3
connector
> still work if I specified just the internal address of the server - can't
> specify external, as it is a dynamic IP on a dial-up modem.

First, the POP3 connector doesn't care if you relay or not... if you are on
dynamic IP or not. The POP3 connector only retrieves your mail from your ISP
each 15 minutes... relaying is done by SMTP which is inmediate. SMTP can
accept mail from the internet and relay it to another SMTP server or
distribute it using DNS.

If you need to relay by IP address (and you are talking about people on the
web... not inside the LAN) you will need to open port 25 again and you need
to specify your external IP address (your internal should be private... so
it will be unreachable). To do this you need a Dynamic DNS service like TZO.

HIH,

Javier


Top

Re: New relay problem by Kathy

Kathy
Tue Jul 22 07:45:48 CDT 2003

Sorry, I didn't phrase the question very well. I know how POP3 works, and
how SMTP works in general - and by telnet ;-) What I don't understand is how
the hand over from the POP3 connector to Exchange proper works. Can you
point me to a link to somewhere that explains it?

What I wanted to know is, if I clear the "Allow all computers which
successfully authenticate, regardless of the list" check box and specify IP
addresses that are allowed to relay, is the internal subnet all I need to
put in or do I need 127.0.0.1 also or anything else?

Wayne's article says "We disabled the SMTP Server services' ability to relay
for anyone other than the internal IP subnet and external network card
regardless of authentication "

Cheers.

"Javier Gomez" <javier_gomez@remove-this-bit.engineer.com> wrote in message
news:u1Cd%23nEUDHA.2148@TK2MSFTNGP11.phx.gbl...
> Kathy,
>
> > a) do I need an incoming port 25 filter in ISA? If I change it, will
POP3
> > still work? I'd really like to close 25 completely as badmail fills up
> with
> > NDRs from ISPs open relay tests.
>
> You can close port 25 and 110 inbound.
>
> > b) If I wanted to restrict relaying by IP address, would the POP3
> connector
> > still work if I specified just the internal address of the server -
can't
> > specify external, as it is a dynamic IP on a dial-up modem.
>
> First, the POP3 connector doesn't care if you relay or not... if you are
on
> dynamic IP or not. The POP3 connector only retrieves your mail from your
ISP
> each 15 minutes... relaying is done by SMTP which is inmediate. SMTP can
> accept mail from the internet and relay it to another SMTP server or
> distribute it using DNS.
>
> If you need to relay by IP address (and you are talking about people on
the
> web... not inside the LAN) you will need to open port 25 again and you
need
> to specify your external IP address (your internal should be private... so
> it will be unreachable). To do this you need a Dynamic DNS service like
TZO.
>
> HIH,
>
> Javier
>
>


Top