Get the Lotus latest tips and tricks from the Yellowsphere here. Follow GROUP’s bloggers to learn about new products from IBM, creative development techniques, how to optimize your Lotus environment, and much more.
Chris Toohey: dominoGuru.com
It's a question that I've been wondering since the shift from Lotusphere (an event which was highly-technical developer and administration focused) to Connect (more management and enterprise social...
[[ This is a content summary only. Visit www.dominoGuru.com for full links, other content, and more! ]]
David Brown: Port 1352
Sometimes setting up a system to allow password authentication is less secure.
Ever notice activity like this on your SMTP-enabled Domino server?
SMTP Server: Authentication failed for user guest ; connecting host 220.127.116.11
SMTP Server: Authentication failed for user backup ; connecting host 18.104.22.168
Guess what... In this case, I am not happy that ec2-46-137-108-26.eu-west-1.compute.amazonaws.com (Amazon Web Services, Ireland) thinks they need to relay SMTP through my server.
If this hacker is able to guess a user login and password combo, they can relay whatever they want.
There is a quick fix that prevents these hacking attempts from ever succeeding at circumventing SMTP relay restrictions:
If you are not using Internet Site documents, set the following field to "No".
If you ARE using Internet Site docs, just change the following field to "No".
Want more info? Refer to the following: http://public.dhe.ibm.com/software/dw/lotus/SMTPAuthSpamFinal.pdf
Happy hacker snubbing!
Keith Smilie: Domiclipse
The Lotus Notes Workspace. Love it or hate it. Can't live with it, can't live without it. But don't get mad at it, get even! The screenshot below shows the aftermath of a napalm strike by Mary Beth on Ben and Volker. From a technical point of ...
GROUP's Blogger Policy
All opinions expressed in employee blogs are that of the employee and do not necessarily represent the opinion of GROUP Business Software, its management, subsidiaries, successors or assigns (hereinafter "the Company"). The Company does not review, approve or monitor the contents of any employee blog. The Company also disclaims any responsibility for the contents of any employee blog or your reliance on such contents.