[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Re: Port 25 email via telnet exploit
- Subject: [cobalt-users] Re: Port 25 email via telnet exploit
- From: Charlie Summers <charlie@xxxxxxxxxx>
- Date: Sun Jun 2 20:13:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Gentlemen;
Everyone calm down. Take a deep breath. There...feel better? Good.
At 9:52 PM -0400 6/2/02, Greg Hewitt-Long queried:
> I've changes the details to hide the IP etc, but needless to say, I got
> the destination email - this is very scary!! Needless to say, it's not
> rocket science to setup a great big macro to send tons and tons of email
> via a telnet session using a simple telnet program.
Well, gee, of COURSE you got the mail. You're SUPPOSED to be able to send
mail.
At 10:03 PM -0400 6/2/02, ISEE Multimedia attempted to help and instead
further muddled the issue with:
> How about turning telnet off!! There is plenty you can do in telnet without
> login in!! if you know how.
>
> You should install and use SSH instead!
(*sigh*)
Apples and oranges. Of COURSE you can connect with a telnet application to
port 25...how exactly do you think SMTP works, anyhow? (Turning your telnet
daemon off will obviously have no effect on this, since it's the sendmail
daemon that is listening for connections on port 25. That's how it WORKS, for
pity's sake. Go ahead...assuming you have telnet turned off, connect to your
server on port 25 with your telnet application. You'll get something like:
220 yourmachine.tld ESMTP Sendmail 8.9.3/8.9.3; Sun, 2 Jun 2002 22:12:48 -0400
...which is sendmail's standard welcome to inbound connections.)
If you can relay by telnetting to port 25 of a machine, you can also relay
by using an email application to send the mail. If, as I suspect, Mr.
Hewitt-Long has POP Before SMTP set up and he checked one for mail from
whatever IP he's on, of COURSE he can send mail through a direct telnet
session to port 25 of the machine. He's SUPPOSED to be able to do so, since
his IP has been validated. Doesn't matter if he uses raw IP packets, a telnet
application, an email client, or anything more advanced than smoke signals,
he SHOULO be able to send mail through his server once his IP is validated
with a POP session.
If I'm wrong, and he doesn't have POP Before SMTP running, then anyone can
send mail through his SMTP server using telnet, an email client, _or_
spamware, and he's running an open relay. But the telnet application ain't
got nuthin' to do with it...the problem is on the SERVER.
But good grief, how exactly do you think people _test_ sendmail? We telnet
into it and TALK to it, for pity's sake!
This is not an "exploit," for heaven's sake, it's the way email ALWAYS
works. Please head immediately to sendmail.org to educate yourselves about
email before using words like "exploit" which will needlessly concern others
who don't quite understand it, or sounding an alarm that leaving telnet on
opens a mail exploit (a bunch of _others,_ maybe, but nothing on port 25).
Sheesh.
Charlie