RE: TELNET and SMTP

From: Russell Butturini (rbutturini@tcstech.com)
Date: Mon Jul 09 2007 - 17:46:42 EDT


Agreed 100%. There's nothing indicative of a problem here. The only
thing I see on a day to day basis is if the company is using an external
spam filtering service, but still accepting SMTP traffic from everywhere
instead of just the IPs of the spam filtering service, then they could
be subject to spammers/attackers bypassing the filters and not
maximizing the value of what they're paying the 3rd party to do; But
that's a very very specific case.
 

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Levenglick, Jeff
Sent: Monday, July 09, 2007 8:08 AM
To: Thomas W Shinder; pen-test@securityfocus.com
Cc: Deus, Attonbitus; Greg Mulholland; jim@isatools.org; Steve Moffat
Subject: RE: TELNET and SMTP

Thomas,

Why would you close port 25? Silly statement. Why is everybody thinking
that port 25 is unprotected when he got the 'standard' 553:no relay
message? Someone at least turned on a few relay options on the mail
configuration. (which is better then an open relay)

Btw.. Open relay would have been the correct term to use if he could
have sent an email instead of getting the no relay. (assuming that he
forged the from field..ect)

Best thing for him is to go to www.sendmail.org and read the FAQ's for
relay.

To be honest, I was worried about this statement:

"2)What purpose do you believe that the SMTP
> service provides? Does the SMTP simply recieve!?!? Thank you all,
Zach"

If he is passing himself off to a company as an experienced security
person and he does not know something simple as SMTP then I think he
needs to move on to something else.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Thomas W Shinder
Sent: Saturday, July 07, 2007 7:41 PM
To: pen-test@securityfocus.com
Cc: Deus, Attonbitus; Greg Mulholland; jim@isatools.org; Steve Moffat
Subject: RE: TELNET and SMTP

An unprotected port? You need to be very careful because "port
attackers" and do awful things to ports. That's why we do "port scans"
to look for "ports" we can take advantage of. That's why we have
"hardware" firewalls, because they allow us to "open" and "close"
"ports".

Let the software guyz worry about any services might be located behind
those "ports" -- remember the "hardware" firewalls will protect our
"ports"!

NOT.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of wymerzp@sbu.edu
> Sent: Saturday, July 07, 2007 7:31 AM
> To: pen-test@securityfocus.com
> Subject: TELNET and SMTP
>
> Hello all,
>
> I'm looking at a client's site and they have unprotected
> access to port 25 (i.e. I can telnet to it and issue
> commands). When I attempt to send an email I get this message
> '553 Relaying is not supported'. My question is two-fold:
> 1)What could I do with the unprotected SMTP access if I can't
> send mail. 2)What purpose do you believe that the SMTP
> service provides? Does the SMTP simply recieve!?!? Thank you all, Zach
>
> --------------------------------------------------------------
> ----------
> This List Sponsored by: Cenzic
>
> Swap Out your SPI or Watchfire app sec solution for
> Cenzic's robust, accurate risk assessment and management
> solution FREE - limited Time Offer
>
> http://www.cenzic.com/wf-spi
> --------------------------------------------------------------
> ----------
>
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

-----------------------------------------
This e-mail message is private and may contain confidential or
privileged information.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:56 EDT