Security Basics mailing list archives

Re: mail server vulnerability


From: "Atilla Remote Support" <info () atilla dhs org>
Date: Fri, 20 Feb 2009 22:48:39 +0100

I don't know how it got fixed. It was not possible for me to fake an MTA manually by telnetting to the IP and port 25 and then write a mail from root to an existing user. But it was some time ago, maybe Kerio checked it by a HELO timeout setting.

I'm glad my thoughts were correct about port 25 that it should be open and not closed like Praveen said.
Thank you all for the answers!

----- Original Message ----- 
From: "Patrick J Kobly" <patrick () kobly com>
To: "Atilla Remote Support" <info () atilla dhs org>
Cc: <greimer () fccc edu>; <security-basics () securityfocus com>
Sent: Friday, February 20, 2009 9:28 PM
Subject: Re: mail server vulnerability


If I had to bet, I'd bet that the setup segregated MSA functionality from MTA functionality... So outbound clients have to relay using Submission (on port 587), requiring SMTP AUTH, while 25 is exposed on the MX to the outside world to accept inbound mail. So, while you may not be able to connect to 25 on the server providing MSA functionality (or from an internal network), equipment on the net needs to be able to connect to your MX's 25 (and so could telnet to the MX's port 25, which it sees as exactly the same as a mail server connecting to it).

PK

Atilla Remote Support wrote:
Yes, that's what I thought too.

However, I had installed Kerio mailserver once and I don't know how it was done, but manual telnet access was not possible and mailserver to mailserver access was.

Anyway, I wondered if it was possible to protect this because Praveen wrote it. Seemed strange to me too, but I'm not an expert so for me it's better to ask first. :)

Regards,
Richard.


-- 
Patrick Kobly, CISSP

T: 403-274-9033
C: 403-463-6141
F: 866-786-9459

56 388 Sandarac Dr NW
Calgary, Alberta
T3K 4E3
http://www.kobly.com
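
An added example, not part of the thread and not Kerio configuration: the MSA/MTA split described in Patrick's reply, sketched as Postfix settings. Postfix is an assumption chosen for illustration, `example.org` is a placeholder domain, and a working TLS certificate and SASL backend are assumed to be configured already.

```conf
# --- main.cf (defaults, used by the port 25 listener) ---
# Assumption: example.org is a placeholder for the domain this MX serves.
mydestination = example.org, localhost
mynetworks = 127.0.0.0/8

# Port 25 must stay reachable from the internet to receive inbound mail.
# A hand-typed telnet session and a remote MTA look identical on the wire,
# so the control is what this listener accepts, not who connects.
# No AUTH is offered on port 25.
smtpd_sasl_auth_enable = no

# Accept mail only for domains this server is responsible for;
# refuse to relay anything else for unauthenticated peers.
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# --- master.cf ---
# MTA role: inbound mail from other servers on port 25.
smtp       inet  n  -  n  -  -  smtpd

# MSA role: outbound mail from your own users on port 587.
# TLS is mandatory and every client must pass SMTP AUTH before relaying.
submission inet  n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
```

With this split, closing port 25 on the MX would stop inbound mail entirely; the protection comes from the relay restrictions on 25 and the AUTH requirement on 587.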