sparkythepinhead
asked on
exchange 200s
My SBS 2003 has been hacked so I have decided to just rebuild it. What can I do in the future to try and avoid this? My ISP mentioned restricting port 25 from all computers except the server. I have a SonicWall 2040.
In what way did it get hacked?
ASKER CERTIFIED SOLUTION
Enforce strong passwords on your LAN. You can configure this through Group Policy. Make sure that any AD user accounts that are not in use are disabled. This also applies to any guest accounts on the domain and locally on all PCs. Your ISP is correct in advising you to block port 25 LAN - WAN, bar the server. This will stop any spam or viruses on the PCs from sending out via the internet. Make sure to configure the relaying options in Exchange. This is how SBS 2003 servers have been hacked in my experience. Hackers have used an account on the domain to authenticate with Exchange and then started relaying spam emails. I turned on authentication logging in Exchange and found the AD account they were using. They were able to hack the AD account because of weak passwords.
Read this article from Microsoft. It will provide a good insight on relaying in Exchange 2003.
http://support.microsoft.com/kb/895853
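Added example, not part of the original thread: one way to check that the LAN - WAN port 25 block discussed above is working is to scan firewall connection records for outbound SMTP from any host other than the mail server. The record layout, the server address and the LAN range below are assumptions made for this sketch, not a SonicWall export format.

```python
import ipaddress
from collections import Counter

# Constructed sample: firewall connection records as "src_ip,dst_ip,dst_port,action".
# The field layout is an assumption for this example, not a SonicWall export format.
SAMPLE_LOG = """\
192.168.1.10,203.0.113.25,25,allow
192.168.1.57,198.51.100.8,25,allow
192.168.1.57,198.51.100.9,25,allow
192.168.1.57,192.168.1.10,25,allow
192.168.1.33,203.0.113.80,443,allow
192.168.1.41,198.51.100.8,25,deny
not,a,valid,line
"""

MAIL_SERVER = "192.168.1.10"                  # hypothetical SBS/Exchange server address
LAN = ipaddress.ip_network("192.168.1.0/24")  # hypothetical LAN range


def rogue_smtp_senders(log_text, mail_server=MAIL_SERVER, lan=LAN):
    """Count outbound TCP/25 connections per LAN host other than the mail server.

    Returns {src_ip: {action: count}}. An "allow" count for any host means the
    LAN -> WAN port 25 block is missing or does not match that host; a "deny"
    count means the block works and that PC is worth checking for malware.
    """
    server = ipaddress.ip_address(mail_server)
    hits = {}
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue  # skip malformed records
        # Only LAN -> WAN SMTP matters: clients talking to the server are expected.
        if port != 25 or src not in lan or dst in lan or src == server:
            continue
        hits.setdefault(str(src), Counter())[parts[3].lower()] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}


if __name__ == "__main__":
    for ip, counts in rogue_smtp_senders(SAMPLE_LOG).items():
        print(ip, counts)
```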