J
Jason Pace
I'm using Win2k Small Business with Exchange 2000.
Recently I've had a problem with spammers using one of my
servers for relaying messages. I was sure I had all the
settings correct and after consulting many sites and
people have confirmed that I have open relay disabled,
but allow relay for authenticated users.
So, as a test I do the following in telnet:
open mydomain.com 25
ehlo mydomain.com
auth login
jppace <-- I mistyped my login
<-- I hit enter on a blank password
Authentication Successful!
I was able to send relay emails after this.
I tried it about a dozen times to be sure... when I
telnet into port 25 I can auth using any invalid login
with a blank password (jpace with a blank password failed
because jpace has a password defined). I looked around
for a patch or fix to this, but I haven't found one. Is
there one?
Recently I've had a problem with spammers using one of my
servers for relaying messages. I was sure I had all the
settings correct and after consulting many sites and
people have confirmed that I have open relay disabled,
but allow relay for authenticated users.
So, as a test I do the following in telnet:
open mydomain.com 25
ehlo mydomain.com
auth login
jppace <-- I mistyped my login
<-- I hit enter on a blank password
Authentication Successful!
I was able to send relay emails after this.
I tried it about a dozen times to be sure... when I
telnet into port 25 I can auth using any invalid login
with a blank password (jpace with a blank password failed
because jpace has a password defined). I looked around
for a patch or fix to this, but I haven't found one. Is
there one?