iis smtp nntp:
It seems to me that in order to send email using ASP that you have to have a COM to do it. This requires that you enable relaying, but that opens up a hole. How can I get this accomplished without getting hacked? I have ASPEmail installed (CDO was giving me problems), and I have to enable relaying to send mail. Is this just a huge paradox? If not, can you please let me know how to allow relaying, but not be vulnerable. Thanks, Drew Laing
And I lock this down on IIS or Exchange? Just checking, I am a programmer, not so much administrator! Thanks, Drew
Personally, I lock down the 'connection control' section so that only 127.0.0.1 can connect at all. You can lock this down a few ways, but this is the simplest, IMO. However it doesn't protect against malware running on the local machine, which is a slight possibility in some configurations.
--
Jason Brown
Microsoft GTSC, IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
On Wed, 16 Mar 2005 16:28:49 -0500, "Drew" <drew.laing@NOswvtc.dmhmrsas.virginia.SPMgov> wrote:
>It seems to me that in order to send email using ASP that you have to have a
>COM to do it. This requires that you enable relaying, but that opens up a
>hole. How can I get this accomplished without getting hacked? I have
>ASPEmail installed (CDO was giving me problems), and I have to enable
>relaying to send mail. Is this just a huge paradox? If not, can you please
>let me know how to allow relaying, but not be vulnerable.
If you need to relay, it's not due to any ASP requirement. The components, and CDO, send to a SMTP server. How that SMTP server reaches the destination is irrelevant. If the SMTP needs to relay, you lock it down by specifying systems to relay for. An IP range, a specific system, whatever. You can also force a login to a valid account.
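The distinction the replies above draw between connection control, relay restrictions and forced login can be modelled as a small decision function. This is an added example, not part of the original thread and not IIS or Exchange code; the policy names, domains and IP addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SmtpPolicy:
    # All values below are constructed sample data, not real server settings.
    local_domains: set = field(default_factory=lambda: {"example.org"})
    connect_allow: list = field(default_factory=lambda: ["0.0.0.0/0"])   # who may connect at all
    relay_allow: list = field(default_factory=lambda: ["127.0.0.1/32"])  # who may relay
    relay_if_authenticated: bool = True                                   # forced login

def _in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def decide(policy, client_ip, rcpt, authenticated=False):
    """Return (accepted, reason) for one RCPT TO issued by client_ip."""
    if not _in_any(client_ip, policy.connect_allow):
        return False, "connection refused"
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in policy.local_domains:
        # The server is the final destination, so this is not relaying.
        return True, "local delivery"
    if _in_any(client_ip, policy.relay_allow):
        return True, "relay: allowed address"
    if authenticated and policy.relay_if_authenticated:
        return True, "relay: authenticated"
    return False, "relay denied"

# Relay list only: anyone may connect, only the local web application may relay.
RELAY_LIST = SmtpPolicy()
# Connection control locked to loopback, as in the 127.0.0.1 suggestion above.
LOCAL_ONLY = SmtpPolicy(connect_allow=["127.0.0.1/32"])
# The misconfiguration the question worries about: relay allowed for everyone.
OPEN_RELAY = SmtpPolicy(relay_allow=["0.0.0.0/0"])

if __name__ == "__main__":
    for name, pol in [("relay list", RELAY_LIST), ("local only", LOCAL_ONLY),
                      ("open relay", OPEN_RELAY)]:
        for ip in ("127.0.0.1", "203.0.113.9"):
            print(name, ip, decide(pol, ip, "user@example.net"))
```

The web application on the same machine submits from 127.0.0.1, so either restricted policy lets it send outbound mail while an outside host asking for the same relay is refused.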
I have IIS running on a Windows 2000 Server and Exchange 5.5 running on a newly upgraded (note: upgraded, not fresh install which would have probably been better) Windows 2000 Server. Thanks, Drew
Do you have exchange running on the same machine, and what version? I think in Exchange 2k3 boxes you'd administer it from the 'protocols' section of the exchange management tool. To be on the safe side, check in both locations, IIS SM and Exchange SM.
--
Jason Brown
Microsoft GTSC, IIS
This posting is provided "AS IS" with no warranties, and confers no rights.