[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port 25 email via telnet exploit

Subject: Re: [cobalt-users] Port 25 email via telnet exploit
From: sm <sm@xxxxxxxxxxxx>
Date: Sun Jun 2 20:25:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Hi,
At 19:52 02-06-2002 -0600, Greg Hewitt-Long wrote:
>Why does port 25 allow email to be sent via telnet without validating user
login, domain etc?

This is not an exploit. :)  Your mail server allow you to relay though the
smtp port (25) as your IP is in the list of acceptable relays.

>I've changes the details to hide the IP etc, but needless to say, I got
the destination email - this is very scary!!  Needless to say, it's not
rocket science to setup a great big macro to send tons and tons of email
via a telnet session using a simple telnet program.

You can also use your favorite mail program to send tons and tons of emails
through your mail server. :)  There is nothing to be scared about.

>Any pointers as to how to lock this sucker down are greatly appreciated.

If you lock down the server, you will not be able to relay mail through it.

Regards,
-sm

Follow-Ups:
- Re: [cobalt-users] Port 25 email via telnet exploit
  - From: Greg Hewitt-Long

References:
- [cobalt-users] Port 25 email via telnet exploit
  - From: Greg Hewitt-Long

Prev by Date: Re: [cobalt-users] NO SDSL
Next by Date: [cobalt-users] Accepting email for User-ID@IP-Address
Previous by thread: Re: [cobalt-users] Port 25 email via telnet exploit
Next by thread: Re: [cobalt-users] Port 25 email via telnet exploit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index