Hello, Microsoft Group, We have a few vulnerabilities on our servers. We have a PCI audit coming up and they are asking to upgrade the SMTP server, or All modern SMTP servers reject the TURN command for security reasons. Upgrade to a newer SMTP server version. You should also disable the ETRN and ATRN commands unless you have a good reason for using them. The original SMTP specification described a "TURN" command that allows the roles of server and client to be reversed in a session. When a client issues the "TURN" command, the server "turns around" and sends any queued mail for that domain to the client, essentially treating the client as an SMTP server. The "TURN" command is obsolete and insecure. It specifies no authentication mechanism, allowing a single user from a domain to retrieve all queued mail for that domain (for all users). Modern SMTP servers reject the "TURN" command for these reasons. A replacement for "TURN" command, called "ETRN", has been Error! Hyperlink reference not valid.to rectify some of the security problems with "TURN". However, this proposal is not without its own security problems. how can i disable the ETRN and ATRN commands. please help me on this. Thanks.

what smtp do you use? for exchange 2k/2k3, see this article http://support.microsoft.com/kb/257569

Hi, Thanks for posting here, I think the folks here might be able to answer your question, http://social.technet.microsoft.com/Forums/en-us/category/exchangeserver http://social.technet.microsoft.com/Forums/en-us/category/exchange2010 -- Mike Burr

Hello, and thanks for lending a hand, unfortuntely, that KB article does not really help me out. since the article only applies to Exchange 2000 and 2003, I am working with and Exchange 2010 system, can you tell me how to turn the ETRN and ATRN commands off using 2010. Thank you for all your assistance on this urgent matter.

Hi, For Exchange Server 2010 issues, please discuss them in this forum: http://social.technet.microsoft.com/Forums/en/exchange2010/threads Tim Quan