External Email Forwarding Fails - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: External Email Forwarding Fails

  1. #11
    Hijacked? I can see enabling email forwarding opening the door for overloading the server depending on how irresponsible/clueless users are, but how could a server be totally hijacked due to only that being enabled?

  2. #12
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Road:

    OWA is "slick"...

    It's also proved itself to me to be pretty darned secure, reliable and easy for about 18 months to 2 years now.... I really like it... Yes, it's a "hole" through to the exchange server... and therefore on inwards... and I was very leary over implementing it... But it has proved itself to be pretty solid... So I'll recommend it...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #13
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    If this is a corporate environment, you've gotta wonder that maybe that functionality was disabled because of policy...

    Personally, I would never forward corporate email to external addresses... esp not hotmail/yahoo. Give the guy remote access or use the exchange web client.

    Well thats my thoughts anyway... Sorry I can't help with the actual problem...

    ---

    My bad... had this thread open from 1 hour ago only just answered... please disregard!

  4. #14
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Hijacked? I can see enabling email forwarding opening the door for overloading the server depending on how irresponsible/clueless users are, but how could a server be totally hijacked due to only that being enabled?
    SMTP server is a full service running on the mail server. You can use internal mailboxes and just manipulate the SMTP commands to take multiple mail boxes say 10, and forward them to literally millions of mailboxes all over the world. Without EVER making it to the outlook client. This will hijack your server because legitimate corporate mail will not get sent. Not to mention it could eat all the network bandwidth so that legitimate users cannot get to the internet. And with that will come thousands if not millions of non delivery reports which will fill up the server hard drive to the point that exchange will not start, the server may not boot and if there isn't a decent backup the entire mail store could be lost through a corrupted exchange log. That is the definition of "hi-jack". In this way someone else tells your mail box to forward mail and controls the mail going through it. Just wait some spam bot will find it.

    OWA... Someday. I wouldn't house it off my core though. I would have to segregate the network to feel safe and sleep at night.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I would have to segregate the network to feel safe and sleep at night.
    But in order to segregate _and_ allow the functionality you have to open almost a dozen ports from the DMZ to the trusted to allow it to work. I'll take the single port, (SSL - 443), direct to the trusted and not have to bother about monitoring so many ports and so many transactions per day... I just feel a little safer having that smaller "choke point"....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #16
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I have been thinking of a cheap DSL line to house OWA. To segregate it a little. Or co-locate a mail server outside my core and connect remotely with only outgoing connections initiated on a new domain.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides