Port 25 vulnerability

Rose, Bobby brose at MED.WAYNE.EDU
Fri Jan 30 15:59:21 GMT 2004

I don't about anyone else but I've used telnet as a diag tool for investigating smtp problems.   It allows you to see the responses in realtime when you type in the proper smtp commands.  I use ehloe, mail from, and recpt to quite a bit when testing.  You can telnet to practically any port you want it.  It just a matter of what the server daemon does with the commands given to it.

From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
Sent: Friday, January 30, 2004 10:06 AM
Subject: Re: Port 25 vulnerability

telnet hostname 25 doesn't talk to the telnet server, it talks to the smtp server.  You cannot prevent this.  If you block port 25, you cannot receive mail. What you can do is prevent relaying.

        -----Message d'origine-----
        De : taz [mailto:taz at AZTEK-ENG.COM]
        Envoyé : Friday, January 30, 2004 10:05 AM
        Objet : Port 25 vulnerability
        I have a question about mail and port 25 in general.  I know that this is really not on the mailscanner subject so if I don't get an answer that is ok.  There are lots of servers that accept email, but don't allow you to telnet to port 25.  Since port 25 is a port that mail talks on how does one secure this port to only allow email to talk to it and not allow the "telnet hostname 25" action.  I know in this case telnet is disabled on the mail server.  Sorry for being so dopey on this one.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040130/0a3df532/attachment.html

More information about the MailScanner mailing list