SMTP on Win2k unsecure

  • Thread starter Thread starter Jason Pace
  • Start date Start date
J

Jason Pace

I'm using Win2k Small Business with Exchange 2000.
Recently I've had a problem with spammers using one of my
servers for relaying messages. I was sure I had all the
settings correct and after consulting many sites and
people have confirmed that I have open relay disabled,
but allow relay for authenticated users.

So, as a test I do the following in telnet:
open mydomain.com 25
ehlo mydomain.com
auth login
jppace <-- I mistyped my login
<-- I hit enter on a blank password
Authentication Successful!

I was able to send relay emails after this.

I tried it about a dozen times to be sure... when I
telnet into port 25 I can auth using any invalid login
with a blank password (jpace with a blank password failed
because jpace has a password defined). I looked around
for a patch or fix to this, but I haven't found one. Is
there one?
 
Hi,

I don't use SMTP on Win2k at present, but there used to be a form you
could complete on the Microsoft security site and they would respond
pretty quick and test your theory. Might be worth a look.
 
Back
Top