
Security Update for Exchange 2003 Server

A recipient filtering configuration has been discovered that can make your Exchange 2003 server susceptible to directory harvesting attacks.
  • Published: Jan 24, 2005
  • Updated: Jan 24, 2005
  • Section: General
  • Author: Amit Zinman
  • Company: Internet Gold

If you select the "Filter recipients who are not in the Directory" check box when you configure recipient filtering, and someone tries to send an e-mail to an address that does not exist in your Active Directory, the connection is dropped. While this eases the load on your server and helps with some attacks, it also allows an attacker to easily guess your internal e-mail addresses by going through the alphabet, because the server's response reveals which guessed addresses exist.

There are ways to block this at the firewall level, but Microsoft now provides a patch that lets you block this kind of attack at the SMTP level by making the SMTP engine wait a configurable number of seconds (Microsoft recommends 5) before dropping the connection. This is enough to make an alphabet-type attack (called "directory harvesting") ineffective.

The patch is not yet available for download, but you can obtain it freely through Microsoft PSS. If your firewall, incoming mail relay or anti-spam package can thwart directory harvesting attacks, then you need not deploy this patch.

For more information:
http://support.microsoft.com/?kbid=842851
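
As an added example (not part of the original article or of Microsoft's patch), the sketch below shows one way a mail relay or log monitor could flag the alphabet-style guessing described above: it counts distinct rejected recipients per client IP inside a sliding window. The log layout, addresses, window and threshold are constructed assumptions, not Exchange's native SMTP log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp, client IP, RCPT TO address, result.
# Simplified layout for illustration, not Exchange's native SMTP log format.
SAMPLE_LOG = """\
2005-01-24T10:00:01 203.0.113.7 adam@example.com rejected
2005-01-24T10:00:02 203.0.113.7 alice@example.com rejected
2005-01-24T10:00:03 203.0.113.7 amy@example.com rejected
2005-01-24T10:00:04 198.51.100.20 sales@example.com accepted
2005-01-24T10:00:05 203.0.113.7 andrew@example.com rejected
2005-01-24T10:00:06 203.0.113.7 anna@example.com rejected
2005-01-24T10:00:07 203.0.113.7 barry@example.com rejected
2005-01-24T10:00:08 192.0.2.44 jon.smith@example.com rejected
2005-01-24T10:00:20 192.0.2.44 jon.smith@example.com rejected
2005-01-24T10:00:40 192.0.2.44 Jon.Smith@example.com rejected
"""


def find_harvesters(lines, window=timedelta(seconds=60), threshold=5):
    """Return {client_ip: peak count of distinct rejected recipients in one
    window} for every client that reaches the threshold.

    Assumes the lines are in chronological order.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, recipient) of rejections
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts_text, ip, rcpt, result = line.split()
        if result != "rejected":
            continue  # deliveries to real mailboxes are not evidence
        ts = datetime.fromisoformat(ts_text)
        q = recent[ip]
        q.append((ts, rcpt.lower()))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        # Count distinct addresses so retries of one typo do not trip the alarm.
        distinct = len({r for _, r in q})
        if distinct >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


if __name__ == "__main__":
    for ip, count in find_harvesters(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} distinct unknown recipients within 60s")
```

In the sample, only 203.0.113.7 is flagged; the client that retries one mistyped address three times is not, because the count is over distinct recipients.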



 

About Amit Zinman

Amit Zinman is currently working as Project Manager and Systems Consultant, heading and consulting on Exchange and NT/Windows 2000 based migrations and deployments for large companies such as Checkpoint, Comverse, Smarteam, Nice, Aladdin and leading Israeli banks. He is also involved in writing scripts and custom solutions for clients based on ADSI, CDO and Visual Basic, teaching Windows 2000 and Exchange 2000 in MCSE colleges, and lecturing in Microsoft User Groups.
