Exchange server support vulnerable smtp commands

Question
-
Hi team,
We are using Exchange server 2016 with high availability at our company. Everything works fine. We have been visited by auditors and among their findings they said our email server supported vulnerable mail server commands such as HELO, EHLO, etc.
From my understanding these are "built in" commands used to communicate between mail client and smtp server for sending and receiving emails, am I wrong? Is there a way to disable these commands being used? If yes, what are the impacts of doing so?
Thank you guys.
---KISWAGARA
Someone from +255
Saturday, March 18, 2017 8:02 AM
Answers
-
Your auditors need to calm down. No, you can't disable those and if they are suggesting you do, then I would ask for your money back.
Exchange 2007 reaches end of life on April 11th. What’s your plan to move?
- Marked as answer by Kiswagara Saturday, March 18, 2017 12:32 PM
Saturday, March 18, 2017 12:27 PM
All replies
-
Hey Andy,
Are these commands really vulnerable?
Wednesday, March 22, 2017 10:31 AM -
all commands are vulnerable
Wednesday, March 22, 2017 11:51 AM -
Hello,
It is absolutely possible to turn off the SMTP commands. Exchange server supports this. Microsoft recommended support is here:
https://support.microsoft.com/en-us/help/257569/how-to-turn-off-esmtp-verbs-in-exchange-2000-server-and-in-exchange-se
If you need further support please do not hesitate to ask.
Saturday, January 6, 2018 9:22 AM -
No, it's not. That only disables ESMTP, and there is no reason to do that except when the other server doesn't support the verbs, not because there is a vulnerability.
Saturday, January 6, 2018 12:16 PM -
You probably have anonymous enabled on your default connector.
Wednesday, January 10, 2018 2:05 PM
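
Added example, not part of the thread: one way to triage an audit finding like the one in the question, by separating the commands every SMTP receiver must implement (RFC 5321, section 4.5.1) from the optional ESMTP extensions a server advertises in its EHLO reply. The sample reply, the hostname and the function names are constructed for illustration.

```python
import re

# Commands every SMTP receiver must implement (RFC 5321, section 4.5.1).
MANDATORY = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT", "VRFY"}

# Constructed sample of a multi-line EHLO reply (hostname and keywords are illustrative).
SAMPLE_EHLO_REPLY = """\
250-mail.example.test Hello [192.0.2.10]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH NTLM
250-8BITMIME
250 CHUNKING
"""

def parse_ehlo_reply(reply):
    """Return {KEYWORD: params} for each extension advertised in an EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    extensions = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line.rstrip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        keyword, _, params = m.group(2).partition(" ")
        extensions[keyword.upper()] = params
    return extensions

def triage_findings(findings, ehlo_reply):
    """Classify each command name listed in an audit report."""
    advertised = parse_ehlo_reply(ehlo_reply)
    result = {}
    for name in findings:
        verb = name.strip().upper()
        if verb in MANDATORY:
            result[verb] = "mandatory (RFC 5321 4.5.1), cannot be disabled"
        elif verb in advertised:
            result[verb] = "optional ESMTP extension, advertised"
        else:
            result[verb] = "not advertised by this server"
    return result
```

Calling `triage_findings(["HELO", "EHLO", "STARTTLS"], SAMPLE_EHLO_REPLY)` shows HELO and EHLO as mandatory protocol commands, while only keywords such as STARTTLS fall in the optional group that an ESMTP setting could affect.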