February 22, 2011

Shutting down an SMTP AUTH Relay attack

We recently had a client whose Exchange Server (configured by another I.T. company, mind you) was continuously being blacklisted with no immediately identifiable cause. Our first responders checked the normal stuff and verified that the server was not an open relay in any obvious way. At the time I jumped in on the support ticket, the server did not have the proper logging enabled, so we couldn't see exactly what was occurring.

Red Flags and the Value of Experience

One of the things I hear often said, and something I subscribe to as well, is the idea that a lot of technical knowledge in the world of IT ...