?
Solved

Sending emails to internal clients even with autheticaion turned on. Possiable spam Vulnerability

Posted on 2007-03-21
8
Medium Priority
?
177 Views
Last Modified: 2010-04-20
While testing my pop3 protocol on my exchange 2003 server i noticed that even with authetication on my virtual smtp server i still can use my email address from any rogue my machine and send emails to my self. The authetication will stop it if i try and send them to someone else. I noticed that if I send them via smtp to my self though (external) via outlook express client. Is there a way to turn on securtiy even for my own addresses??
0
Comment
Question by:nexcool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 10

Expert Comment

by:Phadke_hemant
ID: 18766379
use integrated windows authentication and remove anonymous access, this should be sufficient
0
 

Author Comment

by:nexcool
ID: 18766483
for some reason when i turn anonymous access of then no one can send to my server
0
 
LVL 10

Expert Comment

by:Phadke_hemant
ID: 18766829
ok then turn ON plain text type for authentication and turn off anonymous access
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 18768245
Phadke_hemant - you need to learn how Exchange works.
Both of your answers above are wrong, and despite being told by the original poster that turning off anonymous stops email from flowing you continued to suggest it.

Having anonymous authentication enabled does not make your server a relay and if you want to receive email from outside then it has to be enabled.

If you have messages in the queues that are not sent by your users then you should look at my spam clean up article: http://www.amset.info/exchange/spam-cleanup.asp
That will reference other articles on my site on how to secure Exchange.

Exchange is relay secure out of the box, so you must have changed something.
The other thing it could be is an authenticated relay, where your administrator password has been compromised. The spam clean up article will help you with securing that as well.

Simon.
0
 
LVL 10

Expert Comment

by:Phadke_hemant
ID: 18777199
on my exchange server i have turned off anonymous access and using plain text for authentication. Its working fine for my case thats why i suggested it.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18783346
Phadke_hemant - So how do you receive emails from the internet? Does your email come in from another server? You cannot receive email from outside of your network unless you have anonymous turned on.

Simon.
0
 
LVL 10

Expert Comment

by:Phadke_hemant
ID: 18784096
no, we are not receiving mails through Exchange server. Instead we have configured MS outlook to receive the mails using POP3 account. But I can receive the mails in exchange if I configure POP3 connector.
here nexcool want to stop spam Vulnerability for outgoing mails so i suggested him this solution
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18784187
If you are collecting email with Outlook and not having Exchange delivered directly,
then your "fix" doesn't really apply in this scenario.

While your solution is valid for stopping spam, it also stops all email. It worked for you because you are not using Exchange as it is designed.

POP3 collection of email is a pretty poor solution for any email client - and isn't something I would call enterprise grade.

You also have confused the POP3 connector with the POP3 server. They are different things. The question led me to believe that the OP is using the POP3 server functionality of Exchange, not the POP3 connector.

Simon.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question