MessageThis is something I sent to someone offlist. I've strpped out his name, etc. -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.2mbit.com ICQ: 8077511 ----- Original Message ----- From: Brian Bruns To: XXXXX Cc: admins@2mbit.com Sent: Friday, October 10, 2003 11:35 AM Subject: Re: New mail blocks result of Ralsky's latest attacks? Hey XXX, There are a few ways to lock down an Exchange server. Luckily, I used to be an Exchange admin two years ago, so let me quickly dig up my notebook... Ok, first, make sure on your exchange server you have Guest disabled. According to reports, the following usernames are being tested and cracked: abc, web, admin, www, administrator, data, server, backup, master, test, root, webmaster. Basically, if you have any of these accounts active, please make sure they have a strong password on them. Please be careful though when changing them - you'll have to make sure that all services which depend on the account also are updated with the new password. Second, if you don't use SMTP auth, simply disable it. Open the SMTP virtual server properties under Exchange Server Manager, select the Access tab, click Relay in the Relay restrictions group. Clear the check off of "Allow all computers which successfully authenticate, regardless of the list above" You should be in good shape then. On a side note (and I do recommend this to my customers), if you want added security, yeah, you are going to want to use a UNIX/Linux box in front of the exchange server and then relay mail to it. That way, you are less likely to fall victim to Exchange exploits as well. Its not too hard to setup, but takes time. -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.2mbit.com ICQ: 8077511