Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Very Strange Windows Patch issue (Exchange enabled by patches?)
  •  
pcunix

Messages: 594
Karma: 33
Send a private message to this user
Customer called today saying they couldn't get outside mail. Webmail was still working and they could send mail to each other or outside, but nothing was coming in.

I verified that a telnet to their mailserver on port 25 failed instantly with "421 4.3.2 Service not available".

Interestingly, I could send mail using openssl s_client -connect theirmx:465 -crlf

Checking Services showed SMTP running.

Customer said

No changes were made prior to noticing not receiving mail, except for installing MS Updates yesterday afternoon. After that, no external email. We can, send/receive mail internally.

I've checked the router and firewall settings and the smtp port is open and forwarded correctly, I've checked our MX record and everything is the same there, I've checked the Mail Log in Kerio and the last external email that came through was at almost 9pm last night, and I've checked the Error Log in Kerio and the only errors are pertaining to the Archive.

I've uninstalled the updates to hopefully put the server back to it's previous state, but nothing.


I had her try a "telnet localhost 25" on the server. She said it connected, but when I asked her to read what it said, I was shocked to hear that it said "220 Microsoft ESMTP Ready"

Microsoft??? I had her go into computer services and yes, Exchange was running!

I had her stop and set startup to manual and all was well.

Could today's patches have enabled Exchange for some silly reason? Maybe, but if so, why would Kerio think it was listening on 25? It should have failed to start and known that it failed.

She's going to try the patches again. If Exchange stays disabled, I suppose another possibility is that she's been hacked and the hack enabled Exchange to use it?


Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
  •  
pcunix

Messages: 594
Karma: 33
Send a private message to this user
Customer just confirmed that the patches re-enabled Exchange!


Something to watch out for, i guess.

Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
Previous Topic: Moving single accounts to another system
Next Topic: KMSRecover says success but nothing restored
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 16:40:58 CEST 2017

Total time taken to generate the page: 0.00357 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.