RE: TELNET and SMTP

From: Shenk, Jerry A (jshenk@decommunications.com)
Date: Sat Jul 07 2007 - 14:26:58 EDT


A box with "unprotected access to port 25" is a mail server. And, it
looks like it's configured to block relays... that's a good thing. Set
up a mail server in your lab and experiment with it a bit. Also look at
the SMTP RFCs to find out what the valid commands are. This really
isn't a security problem (or at least nothing you've stated indicates
that) but learning how to manually send an e-mail message and test a
mail server is a valuable skill for any IT professional.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of wymerzp@sbu.edu
Sent: Saturday, July 07, 2007 8:31 AM
To: pen-test@securityfocus.com
Subject: TELNET and SMTP

Hello all,

I'm looking at a client's site and they have unprotected access to port
25 (i.e. I can telnet to it and issue commands). When I attempt to send
an email I get this message '553 Relaying is not supported'. My question
is two-fold: 1) What could I do with the unprotected SMTP access if I
can't send mail? 2) What purpose do you believe that the SMTP service
provides? Does the SMTP simply receive!?!? Thank you all, Zach

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------
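
Added example, not part of the original messages: a small parser for a manual SMTP session of the kind the reply suggests practicing in a lab, pairing each typed command with its (possibly multi-line) reply and reporting how the server treated each recipient domain. The transcript, host names and addresses are constructed placeholders; only the '553 Relaying is not supported' reply text comes from the thread.

```python
import re

# Constructed transcript of a manual lab session ("C:" = typed by the
# tester, "S:" = server reply). Hosts and addresses are placeholders.
TRANSCRIPT = """\
S: 220 mail.lab.example ESMTP
C: EHLO tester.lab.example
S: 250-mail.lab.example
S: 250 8BITMIME
C: MAIL FROM:<tester@lab.example>
S: 250 OK
C: RCPT TO:<someone@elsewhere.example>
S: 553 Relaying is not supported
C: RCPT TO:<postmaster@lab.example>
S: 250 OK
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
RCPT = re.compile(r"RCPT TO:<[^@>]+@([^>]+)>", re.I)

def parse_session(text):
    """Return [(command, code, [reply lines])]; the greeting's command is None."""
    exchanges, command, lines = [], None, []
    for raw in text.splitlines():
        side, _, body = raw.partition(": ")
        if side == "C":
            command = body
            continue
        m = REPLY.match(body)
        if side != "S" or not m:
            raise ValueError(f"malformed transcript line: {raw!r}")
        code, sep, msg = m.groups()
        lines.append(msg)
        if sep == " ":  # "NNN " ends a reply; "NNN-" means more lines follow
            exchanges.append((command, int(code), lines))
            command, lines = None, []
    return exchanges

def relay_verdicts(exchanges, local_domains):
    """Map each RCPT TO domain to how the server treated it."""
    verdicts = {}
    for command, code, _ in exchanges:
        m = RCPT.match(command or "")
        if m:
            domain, ok = m.group(1).lower(), 200 <= code < 300
            kind = "local" if domain in local_domains else "relay"
            verdicts[domain] = f"{kind}-{'accepted' if ok else 'refused'}"
    return verdicts
```

Calling relay_verdicts(parse_session(TRANSCRIPT), {"lab.example"}) reports the outside recipient as "relay-refused" and the server's own domain as "local-accepted", which is the behaviour of a server that receives mail for its own domains but does not relay.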







This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:55 EDT