StuartM (Guest)
Posted: Wed Jan 19, 2005 5:49 pm
Post subject: Exchange Server 2003: Disable ESMTP Verbs; ETRN,TURN and XEX

We have just had a security audit on our network.
The potentially vulnerable ESMTP commands are: ETRN, TURN and XECH50.
Is it worth disabling these verbs in Exchange 2003? I have the MS Article,
but I'm reluctant to implement, as it could cause problems with other
exchange servers on my domain.
Could someone please give me some guidance as to why I should or shouldn't
do this?
Thanks
Stuart.

neo [mvp outlook] (Guest)
Posted: Wed Jan 19, 2005 9:15 pm
Post subject: Re: Exchange Server 2003: Disable ESMTP Verbs; ETRN,TURN and

Me personally, if I just paid for a security audit, I would ask them to
point to the relevant information on why they think the verbs are
"potentially" vulnerable. Then again, one could argue that any computer you
hook up to a network is "potentially" vulnerable to some type of exploit,
however being armed with the facts allows for sound decisions rather than
rash ones.
Outside of that, the only thing I can find for XEXCH50 verb is
http://www.microsoft.com/technet/security/bulletin/MS03-046.mspx. That only
affects Exchange 5.5 and 2000.
"StuartM" <StuartM@discussions.microsoft.com> wrote in message
news:4FE115A0-7291-4F1D-B9C4-7FCB725AF223@microsoft.com...
Quote:
We have just had a security audit on our network.
The potentially vulnerable ESMTP commands are: ETRN, TURN and XECH50.
Is it worth disabling these verbs in Exchange 2003? I have the MS Article,
but I'm reluctant to implement, as it could cause problems with other
exchange servers on my domain.
Could someone please give me some guidance as to why I should or shouldn't
do this?
Thanks
Stuart.

StuartM (Guest)
Posted: Wed Jan 19, 2005 9:35 pm
Post subject: Re: Exchange Server 2003: Disable ESMTP Verbs; ETRN,TURN and

The Security Audit team said: "This information is useful to a potential
attacker as it provides a clue to which software
type and version is being used (different types of Email server software
support different sets of ESMTP commands). Also, some of the functions
provided by the ESMTP commands may contain vulnerabilities, although some
commands are considered safe."
What if I was to remove the Header "Microsoft ESMTP MAIL Service" would this
be better than disabling some of the verbs???
Stuart
"neo [mvp outlook]" wrote:
Quote:
Me personally, if I just paid for a security audit, I would ask them to
point to the relevant information on why they think the verbs are
"potentially" vulnerable. Then again, one could argue that any computer you
hook up to a network is "potentially" vulnerable to some type of exploit,
however being armed with the facts allows for sound decisions rather than
rash ones.
Outside of that, the only thing I can find for XEXCH50 verb is
http://www.microsoft.com/technet/security/bulletin/MS03-046.mspx. That only
affects Exchange 5.5 and 2000.
"StuartM" <StuartM@discussions.microsoft.com> wrote in message
news:4FE115A0-7291-4F1D-B9C4-7FCB725AF223@microsoft.com...
We have just had a security audit on our network.
The potentially vulnerable ESMTP commands are: ETRN, TURN and XECH50.
Is it worth disabling these verbs in Exchange 2003? I have the MS Article,
but I'm reluctant to implement, as it could cause problems with other
exchange servers on my domain.
Could someone please give me some guidance as to why I should or shouldn't
do this?
Thanks
Stuart.

neo [mvp outlook] (Guest)
Posted: Wed Jan 19, 2005 10:00 pm
Post subject: Re: Exchange Server 2003: Disable ESMTP Verbs; ETRN,TURN and

<lol> A nice basic and very safe statement of it could be bad or it could be
okay. It is up to the site to make the decision based on research. I still
think that a security company/expert doing the audit should be able to cite
relevant information on the why and therefore for whatever platform they
were hired to audit. IMHO, if they can't, I would only take the
information and thank them for pointing out things that "might" have been
overlooked and realize that some research needs to be done before making any
type of decision.
Anyway I digress.... I know of a lot of sites that change the SMTP banner.
Whether it is successful or not is anyone's guess in keeping the bad guys at
bay. However if I see XEXCH50 when I do a basic Telnet/EHLO to port 25, I
know the site is running Exchange 5.5 or newer.
FWIW, I don't think disabling this verb is a good idea since it is used in
Exchange to Exchange communications, but then again, I don't work for the
site you are at and have no clue on what is appropriate w/out more
information.
http://support.microsoft.com/default.aspx?scid=kb;en-us;812455
"StuartM" <StuartM@discussions.microsoft.com> wrote in message
news:6BE86158-AA17-4785-B165-6015CA3BA2B7@microsoft.com...
Quote:
The Security Audit team said: "This information is useful to a potential
attacker as it provides a clue to which software
type and version is being used (different types of Email server software
support different sets of ESMTP commands). Also, some of the functions
provided by the ESMTP commands may contain vulnerabilities, although some
commands are considered safe."
What if I was to remove the Header "Microsoft ESMTP MAIL Service" would this
be better than disabling some of the verbs???
Stuart
"neo [mvp outlook]" wrote:
Me personally, if I just paid for a security audit, I would ask them to
point to the relevant information on why they think the verbs are
"potentially" vulnerable. Then again, one could argue that any computer you
hook up to a network is "potentially" vulnerable to some type of exploit,
however being armed with the facts allows for sound decisions rather than
rash ones.
Outside of that, the only thing I can find for XEXCH50 verb is
http://www.microsoft.com/technet/security/bulletin/MS03-046.mspx. That only
affects Exchange 5.5 and 2000.
"StuartM" <StuartM@discussions.microsoft.com> wrote in message
news:4FE115A0-7291-4F1D-B9C4-7FCB725AF223@microsoft.com...
We have just had a security audit on our network.
The potentially vulnerable ESMTP commands are: ETRN, TURN and XECH50.
Is it worth disabling these verbs in Exchange 2003? I have the MS Article,
but I'm reluctant to implement, as it could cause problems with other
exchange servers on my domain.
Could someone please give me some guidance as to why I should or shouldn't
do this?
Thanks
Stuart.
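
The point made in the thread about the banner versus the EHLO verb list, as an added example that is not part of the original posts: this Python parses a saved SMTP greeting and EHLO reply and reports which of the audit's flagged verbs are advertised and whether the banner names the product. The session text, host name and address are constructed sample data.

```python
import re

# Verbs the audit in this thread flagged, and the banner text StuartM quotes.
FLAGGED_VERBS = {"ETRN", "TURN", "XEXCH50"}
BANNER_HINT = "Microsoft ESMTP MAIL Service"

# Constructed sample (not captured from a real server): 220 greeting followed
# by a multi-line EHLO reply in RFC 5321 format.
SAMPLE_SESSION = """\
220 mail.example.test Microsoft ESMTP MAIL Service ready
250-mail.example.test Hello [192.0.2.10]
250-TURN
250-SIZE 10485760
250-ETRN
250-PIPELINING
250-8BITMIME
250-XEXCH50
250 OK
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_session(text):
    """Return (greeting text, set of keywords advertised in the EHLO reply)."""
    greeting, keywords, seen_first_250 = [], set(), False
    for raw in text.splitlines():
        m = REPLY_LINE.match(raw.strip())
        if not m:
            continue
        code, _sep, rest = m.groups()
        if code == "220":
            greeting.append(rest)
        elif code == "250" and not seen_first_250:
            seen_first_250 = True  # first 250 line is the domain, not a keyword
        elif code == "250" and rest.strip():
            keywords.add(rest.split()[0].upper())
    return " ".join(greeting), keywords

def audit(text, flagged=FLAGGED_VERBS, banner_hint=BANNER_HINT):
    """Report flagged verbs advertised and whether the banner names the product."""
    greeting, keywords = parse_session(text)
    return {
        "flagged_advertised": sorted(keywords & flagged),
        "banner_discloses_product": banner_hint.lower() in greeting.lower(),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_SESSION))
    # Same server with only the banner changed: the verb list is unchanged.
    print(audit(SAMPLE_SESSION.replace(BANNER_HINT, "ESMTP")))
```

Run against the saved output of an EHLO to your own server before and after a configuration change, it shows what is still advertised.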