An outsider can hijack your Microsoft Exchange Server by penetrating SMTP. How bad is it?

If for some reason you can’t immediately apply the fix, Microsoft wants you to make a few adjustments.

First, Microsoft wisely recommends that you “accept only authenticated connections. Accepting connections only from trusted sources will prevent anonymous attackers from being able to exploit this issue.” This of course will knock out 99% of the innocents who correspond with your organization.

Next, Microsoft suggests that you “Use a firewall to block the port that SMTP uses.” You cannot make this up. Microsoft recommends that, to protect your Microsoft Exchange SMTP Server, you block SMTP access. That oughta do it.

If you have only one Exchange Server, you can “unregister xlsasink.dll and fallback to Active Directory for distribution of route information.” Be careful. This can trigger headaches if you happen to use certain Microsoft-hawked features like automatic routing updates. Microsoft warns this can “result in an interruption of mail services.”

What are the chances you’re at risk? Excellent, if you’re running Microsoft Exchange Server 2003, Microsoft Exchange Server 2003 Service Pack 1 or Microsoft Exchange 2000 Server Service Pack 3. For once, Exchange Server 5.0 and 5.5 admins can rest easy.

Once you’re done jumping through hoops, it’s time to start solving your Microsoft SMTP security problem.

  1. Install a non-Microsoft email border security appliance, like trimMail Inbox.
  2. Set your firewall to route all incoming SMTP traffic exclusively to your email appliance, instead of your Exchange Server.
  3. Follow Microsoft’s instructions and block all incoming SMTP traffic to your Exchange server.
  4. Adjust your Exchange settings to accept incoming SMTP traffic only from your email security appliance.
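
The four steps above expressed as a firewall policy check. This is an added example, not from the original article or from Microsoft's bulletin. The addresses, the rule format and the first-match evaluation are assumptions made for illustration, so map them onto your own firewall's syntax.

```python
import ipaddress

# Constructed addresses (documentation ranges), not taken from the article.
APPLIANCE = "192.0.2.10"   # email border appliance
EXCHANGE = "192.0.2.20"    # Exchange server
PROBES = ["198.51.100.7", "203.0.113.50"]  # sample outside senders

# Hypothetical rule format: (action, source CIDR, destination IP, TCP port).
WEAK = [("allow", "0.0.0.0/0", EXCHANGE, 25)]  # Exchange SMTP open to anyone
HARDENED = [
    ("allow", "0.0.0.0/0", APPLIANCE, 25),       # step 2: inbound SMTP lands on the appliance
    ("allow", APPLIANCE + "/32", EXCHANGE, 25),  # step 4: only the appliance relays inward
    ("deny", "0.0.0.0/0", EXCHANGE, 25),         # step 3: everyone else is blocked
]
# Same rules with the deny placed first: the appliance is locked out too.
MISORDERED = [HARDENED[0], HARDENED[2], HARDENED[1]]


def decide(rules, src, dst, port):
    """Evaluate one connection: first matching rule wins, default is deny."""
    for action, cidr, rule_dst, rule_port in rules:
        in_net = ipaddress.ip_address(src) in ipaddress.ip_network(cidr)
        if in_net and dst == rule_dst and port == rule_port:
            return action
    return "deny"


def audit(rules, probes=PROBES):
    """List every way the rule set deviates from the four-step layout."""
    findings = []
    for src in probes:
        if decide(rules, src, EXCHANGE, 25) == "allow":
            findings.append(f"{src} can reach Exchange tcp/25 directly")
        if decide(rules, src, APPLIANCE, 25) != "allow":
            findings.append(f"{src} cannot deliver mail to the appliance")
    if decide(rules, APPLIANCE, EXCHANGE, 25) != "allow":
        findings.append("appliance cannot relay to Exchange")
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED), ("misordered", MISORDERED)):
        print(name, audit(rules) or "OK")
```

The misordered set shows why rule order matters: the deny from step 3 must come after the appliance exception from step 4, or inbound mail stops entirely.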

If you deploy a hot traffic shaper like the models mentioned above, you’ll see a massive reduction in unsolicited bulk email, phishing attacks and viruses. Your Microsoft Exchange Server’s workload will plummet.

Result: A safer, better protected email system, along with a stunning increase in your Microsoft Exchange Server’s ability to deliver only legitimate email to your organization.

See for yourself at Microsoft Security Bulletin MS05-021: Vulnerability in Exchange Server.