Re: TELNET and SMTP

From: A. Tom McFrog (theatomicfrog@gmail.com)
Date: Sun Jul 08 2007 - 13:37:10 EDT

• Next message: Levenglick, Jeff: "Re: TELNET and SMTP"
• Previous message: Richard Lane: "RE: TELNET and SMTP"
• In reply to: wymerzp@sbu.edu: "TELNET and SMTP"
• Next in thread: Levenglick, Jeff: "Re: TELNET and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Zach,

    -----Original Message-----
    From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
    Behalf Of wymerzp@sbu.edu
    Sent: 07 July 2007 22:31
    To: pen-test@securityfocus.com
    Subject: TELNET and SMTP

    Hello all,

    I'm looking at a client's site and they have unprotected access to port 25
    (i.e . I can telnet to it and issue commands). When I attempt to send an
    email I get this message '553 Relaying is not supported'. My question is
    two-fold: 1)What could I do with the unprotected SMTP access if I can't send
    mail. 2)What purpose do you believe that the SMTP service provides? Does the
    SMTP simply recieve!?!? Thank you all, Zach

------------------------------------------------------------

I find your definition of 'unprotected access' to port 25 a flawed statement.

You state you received an error 553, which to me, would indicate that
the port is protected, to 'some' extent by the mail program's
configuration which listening on that port.

Have you attempted a look see to determine if the target has
implemented any sort of SASL prior to relaying emails from outside the
site's internal network?

<quote>
...snip...
 2)What purpose do you believe that the SMTP service provides? Does the
SMTP simply recieve!?!?
</quote>

You should follow up with reading at the VERY LEAST, RFC821, RFC2821
pertaining to SMTP, and RFC2554 pertaining to SMTP service extensions
for authentication. So you get some idea as to what you are asking.

Use your search engine of choice to find the documentation.

HTH

------------------------------------------
"Microsoft's biggest and most dangerous contribution to the software
industry may be the degree to which it has lowered user expectations."
  --OS/2 Magazine

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

• Next message: Levenglick, Jeff: "Re: TELNET and SMTP"
• Previous message: Richard Lane: "RE: TELNET and SMTP"
• In reply to: wymerzp@sbu.edu: "TELNET and SMTP"
• Next in thread: Levenglick, Jeff: "Re: TELNET and SMTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT