In fact, at least one attack using a proprietary Exchange Server verb has already been enumerated.
That said, it doesn't make sense to block all the custom Exchange Server verbs that are used in this context, since that can break needed functionality.
Exchange Server uses three proprietary verbs: X-EXPS, X-LINK2STATE and XEXCH50. None of these Exchange Server verbs are as well-documented as they could be, and they are often blocked by firewalls or proxies that aggressively manage SMTP/POP3 traffic.
When this happens, a number of symptoms can manifest:
- Exchange servers can't authenticate each other.
- Seemingly commonplace commands are responded to with the 500 Unrecognized command error or one of its analogues.
- Normal commands produce completely unexpected responses.
One of the most common offenders creating these issues is the Cisco's PIX firewall software, specifically their Mailguard feature. Since it allows only seven basic SMTP commands and no custom Exchange Server verbs to travel in either direction, it has been implicated in creating numerous problems with Exchange server communications. Symantec's Raptor Firewall has also been a culprit.
In short, any firewall or proxy that screens SMTP/POP3 verbs needs to be given a careful once-over when used with Exchange Server.
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.
Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:
Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.
This was first published in October 2006