Re: [cobalt-users] Port 25 email via telnet exploit

["Mark Ward" <mark.ward@xxxxxxxxxxxxxx>]

people seem to be confusing telnet as an application with opening a TCP
connection. It just so happens that by issuing the telnet command followed
by a port tumber it will open a TCP connection to that destination port.
That is how SMTP works, all mail servers allow this or SMTP would not work.
Being an open relay is a completely different issue.
----- Original Message -----
From: "Danny Daniels" <dcd@xxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>; <paul@xxxxxxxxxxxxxxxxxx>
Sent: Tuesday, June 04, 2002 4:27 PM
Subject: Re: [cobalt-users] Port 25 email via telnet exploit


>
> > At 11:01 PM 6/3/2002, you wrote:
> > >Paul Jacobs wrote:
> > >
> > > > Telnet is turned off on my boxes, but you can still get to port 25
via
> > > > telnet... just like you can telnet to port 80 of any webserver.
> > > > It's a huge hole that not may know about..
> > >
> > >Let's not confuse things any more than they already are, Paul.  I'm
> > >willing to bet you I can telent into your Windows SMTP server exactly
> > >the same way from your DOS prompt.  It's normal behavior.  If you
> > >couldn't connect to port 80, you couldn't see websites.  If you
couldn't
> > >connect to port 25, mail wouldn't work at all.
> >
> > Not true.
> >
> Paul,
>
> I may be reading this wrong, but I think your confused. Telnet to port 23
> and telnet to port 25 are entirly different things.
>
> Try the following of port 25 from a shell prompt or a dos prompt, it works
> just the same.
>
> # telnet 192.168.1.1 25  # IP address of SMTP server. 25 is for port 25
> # HELO
> # 250 ok
> # MAIL FROM: username@xxxxxxxxxx
> # 250 ok
> # RCPT TO: username@xxxxxxxxxx
> # 250 ok
> # DATA
> # .
>
> Just trying to help
>
> -Danny
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>