RE: open relay on Exchange 2000

  • From: "Mark Fugatt" <mark@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Sep 2002 17:49:59 -0400

They cannot just make up a username and password, it has to be a real
username and password.

Mark Fugatt
Pentech Office Solutions Inc
Tel:  585 586 3890
Fax: 585 249 0316
Cell: 585 576 4750
Visit for valuable information about Microsoft Exchange

-----Original Message-----
From: maplesoft@xxxxxxxxxxxxx [mailto:maplesoft@xxxxxxxxxxxxx]
Sent: Wednesday, September 04, 2002 5:49 PM
To: [ExchangeList]
Subject: [exchangelist] open relay on Exchange 2000

We have recently set up Exchange 2000. We wanted to make sure we did not
any open relays and followed the instructions given in Mark Fugatt's
"Understanding Relaying and Spam with Exhange 2000."

Testing with the telnet session is successful, however, if a spammer really
wants to use our server, all they need  to do is setup an Outlook Express
client with a bogus email address, tell OE to authenticate to our smtp
and provide a bogus username and password and the email will be relayed.

I do not know what we missed, but we must have missed something.  If anyone
has any ideas, we would greatly appreciated them.


You are currently subscribed to this Discussion List as:
To unsubscribe send a blank email to

Other related posts: