[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port 25 email via telnet exploit

Subject: Re: [cobalt-users] Port 25 email via telnet exploit
From: "Gordon." <root@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon Jun 3 10:00:23 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Sun, 2 Jun 2002, Greg Hewitt-Long wrote:

> I searched the archives briefly, but found nothing directly relating to it...
> 
> Why does port 25 allow email to be sent via telnet without validating user login, domain etc?

Because the connecting address was the local loop back address , eg
localhost, which is implicitly allowed to relay, otherwise you wouldn't be
able to deliver mail in the machine.

Internal interfaces tend to be trusted somewhat in unix ;P

If you are managing to do this from outside the machine, that's a whole
different problem.

> 501 Syntax error in parameters scanning "FROM"
> mail from: fred@xxxxxxxx
> RCPT 250 fred@xxxxxxxxxxx Sender ok

What version of sendmail is on that machine? This is a bug...

It's supposed to reply with a state error, someone else mentioned that bug
a while back, it also causes reject problems for the access file

503 Need MAIL before RCPT

Is what it should have replied, instead, it's treating
your 'from' address as if it was <> and accepting a bounce

ps: remember, if either the target address is local, you aren't
(open) relaying ;)

gsh

References:
- [cobalt-users] Port 25 email via telnet exploit
  - From: Greg Hewitt-Long

Prev by Date: RE: [cobalt-users] Port 25 email via telnet exploit
Next by Date: [cobalt-users] Re: Port 25 email via telnet exploit
Previous by thread: Re: [cobalt-users] Port 25 email via telnet exploit
Next by thread: Re: [cobalt-users] Port 25 email via telnet exploit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index