Port 25 vulnerability

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Fri Jan 30 16:06:41 GMT 2004

I'd guess the only way to differentiate is timing.

When you telnet in, there's some delay before you send any commands.


Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Bill Omer
> Sent: 30 January 2004 16:02
> Subject: Re: Port 25 vulnerability
> The only thing I can think of to do this would have to be done on the
> packet level.  Something could be made that monitors traffic
> on port 25.
> There would have to be a difference in the packets generated by an MUA
> vs packets generated by a telnet client.  Based on that information, a
> connection could be dropped when it's triggered.  I guess it could be
> possible to use tcpdump to do this, if there is a difference in the
> packets.
> -B
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of taz
> Sent: Friday, January 30, 2004 9:05 AM
> Subject: Port 25 vulnerability
> I have a question about mail and port 25 in general.  I know that this
> is really not on the mailscanner subject so if I don't get an answer
> that is ok.  There are lots of servers that accept email, but don't
> allow you to telnet to port 25.  Since port 25 is a port that
> mail talks
> on how does one secure this port to only allow email to talk to it and
> not allow the "telnet hostname 25" action.  I know in this case telnet
> is disabled on the mail server.  Sorry for being so dopey on this one.
> Thanks,
> Travis

More information about the MailScanner mailing list