Posted on 2009-12-28
Hello Experts. I have recently started scanning my external network and all seems to be well except one potentially big problem. I have tried to remedy this on my own, but I am obviously missing something. Here is what I see:
An open SMTP relay is running on this port. Risk:
TCP Port: 25
The remote SMTP server is insufficiently protected against relaying.
This means that it allows spammers to use your mail server to send
their mails to the world, thus wasting your network bandwidth.
Nessus was able to relay mails by sending those sequences :
MAIL FROM: <email@example.com>
RCPT TO: <firstname.lastname@example.org>
Reconfigure your SMTP server so that it cannot be used as a relay any more.
I see this with a third-party scan, as well as my own scans with Nessus. I have looked at the relays in Exchange 2007 and they are all internally assigned to internal IPs. The only IP that could possibly be allowing this traffic is our spam filter which sits between the Exchange server and the firewall. Of course, we then have the firewall sitting between that spam filter and the outside world.
Port 25 is used as the standard. What should I be looking for in relation to Nessus being able to relay with my server? I am not sure how this is happening being that all relays (10 or so) are set up for individual apps within the corporation.
Any help would be greatly appreciated.
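The MAIL FROM / RCPT TO check quoted from the scanner above, as an added example that is not part of the original post: it reads a captured SMTP dialogue, reports which host sent the 220 greeting (useful when a spam filter sits in front of Exchange), and lists recipients in non-local domains that the server accepted. The `C:`/`S:` transcript format, host names, addresses and `LOCAL_DOMAINS` are constructed assumptions.

```python
import re

# Constructed values: the domains this organisation accepts mail for, and a
# captured dialogue ("C:" = scanner, "S:" = whichever host answered port 25).
LOCAL_DOMAINS = {"corp.example"}
SAMPLE = """\
S: 220 filter01.corp.example ESMTP
C: HELO scanner.example.net
S: 250 filter01.corp.example
C: MAIL FROM: <probe@example.com>
S: 250 2.1.0 Sender OK
C: RCPT TO: <someone@example.org>
S: 250 2.1.5 Recipient OK
C: RCPT TO: <user@corp.example>
S: 250 2.1.5 Recipient OK
C: QUIT
S: 221 Bye
"""
ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

def audit_relay(transcript, local_domains):
    """Return (greeting_host, recipients accepted for non-local domains)."""
    host, pending, relayed = None, None, []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        text = text.strip()
        if side == "C":
            # Remember the recipient only for RCPT TO; any other command clears it.
            m = ADDR.search(text) if text.upper().startswith("RCPT TO") else None
            pending = m.group(1) if m else None
        elif side == "S":
            if text.startswith("220") and host is None and len(text) > 4:
                host = text[4:].split()[0]  # greeting names the answering host
            if text[3:4] == "-":
                continue  # continuation of a multi-line reply, not the verdict
            if pending and text.startswith("2"):
                if pending.rsplit("@", 1)[1].lower() not in local_domains:
                    relayed.append(pending)
            pending = None
    return host, relayed

if __name__ == "__main__":
    host, relayed = audit_relay(SAMPLE, LOCAL_DOMAINS)
    print(f"answered by {host}; relayed for: {relayed or 'nothing'}")
```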