Re: [cobalt-users] Port 25 email via telnet exploit

[Greg Hewitt-Long <greg@xxxxxxxxxxxxxxxxxxx>]

>Hi,
>At 19:52 02-06-2002 -0600, Greg Hewitt-Long wrote:
>>Why does port 25 allow email to be sent via telnet without validating user
>login, domain etc?
>
>This is not an exploit. :)  Your mail server allow you to relay though the
>smtp port (25) as your IP is in the list of acceptable relays.


Thanks - I emailed the list (like Mark at ISEE Multimedia, after a few drinks), in response to a "panic" email from a client.  I also forgot we've added a bunch of "extra" relay domains to the mail server too, so one of my tests actually wasn't on the server, but was relayed anyway - then I panicked and email the list.

>
>>I've changes the details to hide the IP etc, but needless to say, I got
>the destination email - this is very scary!!  Needless to say, it's not
>rocket science to setup a great big macro to send tons and tons of email
>via a telnet session using a simple telnet program.
>
>You can also use your favorite mail program to send tons and tons of emails
>through your mail server. :)  There is nothing to be scared about.


It would be if the destination was unknown to me, and the relaying is supposed to have been locked down to addresses we host only (plus the very important domain not on that box we also relay for - which caused me to get worried I had a problem).


> >Any pointers as to how to lock this sucker down are greatly appreciated.
>
>If you lock down the server, you will not be able to relay mail through it.


It already is - thanks though... I really should NOT touch servers after drinking... ;{)




thanks to all who told me I was getting excited over nothing... aint no big thang... ! ;{)
-- 
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158