Security Basics mailing list archives
Re: mail server vulnerability
From: Patrick J Kobly <patrick () kobly com>
Date: Fri, 20 Feb 2009 11:28:34 -0700
praveen_recker () sify com wrote:
Hi Abhishek, You can try connecting to the SMTP server using telnet,say c:/>telnet smtp_ip 25 this should not be successful....so system admins should block TELNET to SMTP servers.
Wha'? So... if an MTA / MX cannot be connected to on port 25, how exactly will it do its job? (Or are you suggesting that the server should be able to magically tell that it's being connected to by telnet, rather than by another MTA / MUA?) The OP was talking about the ability to send mail anonymously. Part of what the OP was asking was how to test if the mail server is an open relay. http://www.abuse.net/relay.html Is a great tool for testing this. Probably want to verify as well, for mail servers that are relaying mail from your internal network (MSA), that they require auth before relaying (POP before SMTP or SMTP AUTH) even on messages relayed from your internal network... This is where the discussion around sending email with telnet might be helpful, though the use of mail(1) in a *NIX environment would do just as well...
If successful this gives u the banner. Based upon version and vendor search for any exploits available for free (refer milw0rm, metasploit etc) if u have commercial tools(coreimpact, saint etc) it's well and good. If u are good at Perl develop ur own script and start sending attacks by changing USER names, DOMAIN names etc to overly long strings, format specifiers etc.
Don't really know that exploitation of bugs is quite what the OP was looking for, so much as misconfiguration of the MTA/MX/MSA... PK -- Patrick Kobly, CISSP T: 403-274-9033 C: 403-463-6141 F: 866-786-9459 56 388 Sandarac Dr NW Calgary, Alberta T3K 4E3 http://www.kobly.com
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Re: mail server vulnerability, (continued)
- Re: Re: mail server vulnerability ryancol (Feb 10)
- Re: mail server vulnerability Ansgar Wiechers (Feb 10)
- Re: Re: mail server vulnerability praveen_recker (Feb 20)
- Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: Re: mail server vulnerability greimer (Feb 20)
- Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: mail server vulnerability Patrick J Kobly (Feb 20)
- Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: Re: mail server vulnerability ryancol (Feb 10)
- Re: Re: mail server vulnerability Balakrishnan B (Feb 20)