I run both an Apache and an IIS web server so I can write articles comparing the two platforms. It's interesting finding the differences, especially in the area of security.
Anyway, I installed a new email web server and decided (wisely) to spend some time making sure it was not an open relay. I was going to just assume it was fine ... good thing I didn't.
I went to abuse.net and ran their open relay checker. To my surprise, the email server failed the check! Spent two days pulling my hair out trying to figure out why unchecking the "relay mail" box still allowed email to be relayed.
Turned out I had SMTP loaded on my IIS server, and because it was a "trusted" source, it could receive emails, then forward them to my new email server, which assumed that since it was trusted it must know what it was talking about. Thus, the interplay between two email servers introduced a very unsuspected vulnerability...
Just thought this would be of interest. I always like to test my assumptions, and I further reinforced that concept in the last two days. The last thing I need is to have an open relay...
Thanks, Richard Lowe
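The post above describes a relay that only appears when two servers' settings are combined. As an added example (not part of the original post), this audit sketch walks trust relationships to find such chains; the host names and the config fields `relays_for_anyone` and `trusted_sources` are hypothetical, and it assumes each trusted host forwards accepted mail to the servers that trust it.

```python
from collections import deque

# Constructed sample inventories; host names and fields are hypothetical.
BEFORE = {
    "iis-smtp": {"relays_for_anyone": True, "trusted_sources": set()},
    # "relay mail" is unchecked here, yet the IIS host is still trusted.
    "mail": {"relays_for_anyone": False, "trusted_sources": {"iis-smtp"}},
}
AFTER = {
    "iis-smtp": {"relays_for_anyone": True, "trusted_sources": set()},
    "mail": {"relays_for_anyone": False, "trusted_sources": set()},
}

def find_relay_path(servers, target):
    """Return the shortest chain by which an untrusted sender gets
    `target` to relay mail, or None when no such chain exists."""
    # Hosts that relay for any client are directly usable from outside.
    queue = deque(["internet", name] for name, cfg in servers.items()
                  if cfg["relays_for_anyone"])
    seen = {path[-1] for path in queue}
    while queue:
        path = queue.popleft()
        host = path[-1]
        if host == target:
            return path
        # Any server that trusts this host will relay what it forwards.
        for name, cfg in servers.items():
            if name not in seen and host in cfg["trusted_sources"]:
                seen.add(name)
                queue.append(path + [name])
    return None

if __name__ == "__main__":
    for label, inventory in (("before", BEFORE), ("after", AFTER)):
        path = find_relay_path(inventory, "mail")
        print(label, "->", " -> ".join(path) if path else "no relay path")
```

Run against a real inventory, any non-empty result for a server whose own relay setting is off points at a trusted neighbour worth checking.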
joined:Jan 30, 2002
Security is paramount... it's something I want to learn much more about.
OT, I go into Yahoo chat, and the software that Yahoo uses + IE makes me a sitting duck. I'm sick of it! In light of these petty crimes against me, I'd love to see more about security on WMW, or related links :)
Rich... it sounds very interesting... amazing to see how something along the lines of "a checked box" can mean life or death for a server.
I remember one kid started a website downloader on a swimsuit site, and the downloader somehow got into a poorly protected admin area, and wound up deleting the entire customer database. The swimsuit company tried to sue him, but the judge decided it was not the kid's fault. They, after all, left open an admin page...