From: Chaplain Doug on 1 Apr 2010 16:09

I have reason to believe that my Exchange Server is being used to relay spam and that this was made possible by someone stealing or guessing one of our users' login info. If I go into the Active Directory and set each user to require a password change upon next login, what will happen when the violator next tries to relay an email through using the stolen credentials? Will the required password change stop him from doing so?

As an ancillary question. If someone does steal credentials, how does he then use them to relay through our server? Is it as simple as some command line info put on the email like username=xxxxx, password=xxxxx?

--
Dr. Doug Pruiett
Good News Jail & Prison Ministry
www.goodnewsjail.org
From: Rich Matheisen [MVP] on 1 Apr 2010 21:28

On Thu, 1 Apr 2010 13:09:01 -0700, Chaplain Doug <ChaplainDoug(a)discussions.microsoft.com> wrote:

>I have reason to believe that my Exchange Server is being used to relay spam
>and that this was made possible by someone stealing or guessing one of our
>users' login info. If I go into the Active Directory and set each user to
>require a password change upon next login, what will happen when the violator
>next tries to relay an email through using the stolen credentials? Will the
>required password change stop him from doing so?

Can't say. I've never tried that.

>As an ancillary question. If someone does steal credentials, how does he
>then use them to relay through our server? Is it as simple as some command
>line info put on the email like username=xxxxx, password=xxxxx?

The SMTP client sends "EHLO" and your server, if it allows authenticated sessions, sends back one or more keywords and parameters. The client picks an acceptable method to use and sends the appropriate command and data (usually an AUTH command).

---
Rich Matheisen
MCSE+I, Exchange MVP
From: SG_Dan on 9 Apr 2010 17:42

I would also suggest you enable message tracking on the server so you have better information, like the sender's credentials and originating IP. Is relay something you really need on a perimeter-facing server?

"Rich Matheisen [MVP]" wrote:

> On Thu, 1 Apr 2010 13:09:01 -0700, Chaplain Doug
> <ChaplainDoug(a)discussions.microsoft.com> wrote:
>
> >I have reason to believe that my Exchange Server is being used to relay spam
> >and that this was made possible by someone stealing or guessing one of our
> >users' login info. If I go into the Active Directory and set each user to
> >require a password change upon next login, what will happen when the violator
> >next tries to relay an email through using the stolen credentials? Will the
> >required password change stop him from doing so?
>
> Can't say. I've never tried that.
>
> >As an ancillary question. If someone does steal credentials, how does he
> >then use them to relay through our server? Is it as simple as some command
> >line info put on the email like username=xxxxx, password=xxxxx?
>
> The SMTP client sends "EHLO" and your server, if it allows
> authenticated sessions, sends back one or more keywords and
> parameters. The client picks an acceptable method to use and sends the
> appropriate command and data (usually an AUTH command).
> ---
> Rich Matheisen
> MCSE+I, Exchange MVP
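
An added illustration, not part of the thread and not any poster's code: the AUTH exchange Rich describes and the tracking SG_Dan suggests, combined into a Python summary of which accounts authenticated, from which IP, and how many recipients they addressed. The log layout, internal range, addresses and user names are constructed assumptions (not an Exchange log format), and the password lines of AUTH LOGIN are left out of the sample.

```python
import base64
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed internal LAN range

# Constructed log. Assumed columns: time,client IP,session,C(lient)/S(erver),SMTP line
SAMPLE = """\
10:00:01,192.168.1.20,s1,S,334 VXNlcm5hbWU6
10:00:01,192.168.1.20,s1,C,YWxpY2U=
10:00:02,192.168.1.20,s1,S,235 Authentication successful
10:00:03,192.168.1.20,s1,C,RCPT TO:<bob@example.org>
10:05:00,203.0.113.50,s2,S,334 VXNlcm5hbWU6
10:05:00,203.0.113.50,s2,C,anNtaXRo
10:05:01,203.0.113.50,s2,S,235 Authentication successful
10:05:02,203.0.113.50,s2,C,RCPT TO:<a@example.net>
10:05:02,203.0.113.50,s2,C,RCPT TO:<b@example.net>
10:05:03,203.0.113.50,s2,C,RCPT TO:<c@example.net>
10:06:00,198.51.100.7,s3,S,334 VXNlcm5hbWU6
10:06:00,198.51.100.7,s3,C,YWxpY2U=
10:06:01,198.51.100.7,s3,S,535 Authentication failed
"""

def authenticated_senders(log):
    """Return {user: {"ips": set, "rcpts": int}} for sessions that got a 235."""
    sessions = defaultdict(lambda: {"user": None, "ok": False, "rcpts": 0, "next": False})
    for line in log.strip().splitlines():
        _time, ip, sid, side, data = line.split(",", 4)
        s = sessions[sid]
        s["ip"] = ip
        if side == "S" and data == "334 VXNlcm5hbWU6":  # base64 of "Username:"
            s["next"] = True  # the next client line carries the user name
        elif side == "C" and s["next"]:
            s["user"] = base64.b64decode(data).decode()  # encoded, not encrypted
            s["next"] = False
        elif side == "S" and data.startswith("235"):  # 235 = AUTH accepted
            s["ok"] = True
        elif side == "C" and s["ok"] and data.upper().startswith("RCPT TO:"):
            s["rcpts"] += 1
    users = defaultdict(lambda: {"ips": set(), "rcpts": 0})
    for s in sessions.values():
        if s["ok"] and s["user"]:  # failed logins (535) are not counted
            users[s["user"]]["ips"].add(s["ip"])
            users[s["user"]]["rcpts"] += s["rcpts"]
    return dict(users)

def external_logins(log):
    """Users who authenticated successfully from outside the internal range."""
    return sorted(u for u, d in authenticated_senders(log).items()
                  if any(ipaddress.ip_address(i) not in INTERNAL for i in d["ips"]))
```
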