Security Basics mailing list archives
Re: mail server vulnerability
From: "Atilla Remote Support" <info () atilla dhs org>
Date: Fri, 20 Feb 2009 22:48:39 +0100
I don't know how it got fixed. It was not possible for me to fake an MTA manually by telnetting to the IP and port 25 and then write a mail from root to an existing user. But it was some time ago, maybe Kerio checked it by a HELO timeout setting.

I'm glad my thoughts were correct about port 25, that it should be open and not closed like Praveen said.

Thank you all for the answers!

----- Original Message -----
From: "Patrick J Kobly" <patrick () kobly com>
To: "Atilla Remote Support" <info () atilla dhs org>
Cc: <greimer () fccc edu>; <security-basics () securityfocus com>
Sent: Friday, February 20, 2009 9:28 PM
Subject: Re: mail server vulnerability

If I had to bet, I'd bet that the setup segregated MSA functionality from MTA functionality... So outbound clients have to relay using Submission (on port 587), requiring SMTP AUTH, while 25 is exposed on the MX to the outside world to accept inbound mail.

So, while you may not be able to connect to 25 on the server providing MSA functionality (or from an internal network), equipment on the net needs to be able to connect to your MX's 25 (and so could telnet to the MX's port 25, which it sees as exactly the same as a mail server connecting to it).

PK

Atilla Remote Support wrote:
Yes, that's what I thought too. However, I had installed Kerio mailserver once and I don't know how it was done, but manual telnet access was not possible and mailserver to mailserver access was. Anyway, I wondered if it was possible to protect this because Praveen wrote it. Seemed strange to me too, but I'm not an expert so for me it's better to ask first. :)

Regards,
Richard.
-- Patrick Kobly, CISSP T: 403-274-9033 C: 403-463-6141 F: 866-786-9459 56 388 Sandarac Dr NW Calgary, Alberta T3K 4E3 http://www.kobly.com
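
The MSA/MTA split described in the thread, as an added example that is not part of the original messages and does not reproduce Kerio's or any other server's code. It is a simplified policy model: the domain, the account and the reply codes chosen for each refusal are assumptions made for illustration.

```python
import base64, binascii, hmac

LOCAL_DOMAINS = {"example.org"}   # constructed: domains this MX accepts mail for
USERS = {"alice": "s3cret"}       # constructed: submission (port 587) account

def plain_token(user, password):
    """Build the base64 argument of AUTH PLAIN (empty authzid, user, password)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def check_auth(arg):
    """Validate 'PLAIN <base64>'; malformed or unknown credentials fail closed."""
    mech, _, blob = arg.partition(" ")
    if mech.upper() != "PLAIN":
        return False
    try:
        _, user, pw = base64.b64decode(blob, validate=True).decode().split("\0")
    except (binascii.Error, ValueError):
        return False
    return user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode())

def run_session(port, commands):
    """Return the reply code the model gives to each client command."""
    authed, replies = False, []
    for line in commands:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append(250)
        elif verb == "AUTH":
            if port != 587:               # the MX port offers no AUTH in this model
                replies.append(503)
            else:
                authed = check_auth(arg)
                replies.append(235 if authed else 535)
        elif verb in ("MAIL", "RCPT") and port == 587 and not authed:
            replies.append(530)           # submission requires SMTP AUTH first
        elif verb == "MAIL":
            replies.append(250)           # envelope sender is not proof of identity
        elif verb == "RCPT":
            domain = arg.rstrip(">").rpartition("@")[2].lower()
            # Port 25 takes mail for local domains from anyone, whether the peer
            # is a remote MTA or a person typing into telnet; relaying elsewhere
            # is only for authenticated submission clients.
            replies.append(250 if authed or domain in LOCAL_DOMAINS else 554)
        else:
            replies.append(502)
    return replies
```
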