open relay on Exchange 2000

  • From: "Scot Bickell"<maplesoft@xxxxxxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Wed, 04 Sep 2002 14:49:05 -0700

We have recently set up Exchange 2000. We wanted to make sure we did not have
any open relays and followed the instructions given in Mark Fugatt's article:
"Understanding Relaying and Spam with Exhange 2000."  

Testing with the telnet session is successful, however, if a spammer really
wants to use our server, all they need  to do is setup an Outlook Express
client with a bogus email address, tell OE to authenticate to our smtp server
and provide a bogus username and password and the email will be relayed.  

I do not know what we missed, but we must have missed something.  If anyone
has any ideas, we would greatly appreciated them.


Other related posts: