[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port 25 email via telnet exploit

Subject: Re: [cobalt-users] Port 25 email via telnet exploit
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
Date: Sun Jun 2 20:06:48 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

GH> Date: Sun, 2 Jun 2002 19:52:11 -0600
GH> From: Greg Hewitt-Long

GH> Why does port 25 allow email to be sent via telnet without
GH> validating user login, domain etc?

That's how SMTP works, unless you get in to authentication
extensions.

It checks the IP address of the machine opening the connection.
If one of the allowed, it can send mail.  I did a few quick tests
by hand, and a relay attempt would NOT have succeeded.

For a relay good open-relay checkup, I'll need to search my
bookmarks and saved mail.  There's a host to which one can
telnet; it then will connect back to you on port 25 and check
extensively for relaying loopholes.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.

References:
- [cobalt-users] Port 25 email via telnet exploit
  - From: Greg Hewitt-Long

Prev by Date: Re: [cobalt-users] Port 25 email via telnet exploit
Next by Date: RE: [cobalt-users] Port 25 email via telnet exploit
Previous by thread: RE: [cobalt-users] Port 25 email via telnet exploit
Next by thread: Re: [cobalt-users] Port 25 email via telnet exploit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index