Penetration Testing mailing list archives
Re: TELNET and SMTP
From: "A. Tom McFrog" <theatomicfrog () gmail com>
Date: Sun, 8 Jul 2007 13:37:10 -0400
Zach, -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Behalf Of wymerzp () sbu edu Sent: 07 July 2007 22:31 To: pen-test () securityfocus com Subject: TELNET and SMTP Hello all, I'm looking at a client's site and they have unprotected access to port 25 (i.e . I can telnet to it and issue commands). When I attempt to send an email I get this message '553 Relaying is not supported'. My question is two-fold: 1)What could I do with the unprotected SMTP access if I can't send mail. 2)What purpose do you believe that the SMTP service provides? Does the SMTP simply recieve!?!? Thank you all, Zach ------------------------------------------------------------ I find your definition of 'unprotected access' to port 25 a flawed statement. You state you received an error 553, which to me, would indicate that the port is protected, to 'some' extent by the mail program's configuration which listening on that port. Have you attempted a look see to determine if the target has implemented any sort of SASL prior to relaying emails from outside the site's internal network? <quote> ...snip... 2)What purpose do you believe that the SMTP service provides? Does the SMTP simply recieve!?!? </quote> You should follow up with reading at the VERY LEAST, RFC821, RFC2821 pertaining to SMTP, and RFC2554 pertaining to SMTP service extensions for authentication. So you get some idea as to what you are asking. Use your search engine of choice to find the documentation. HTH ------------------------------------------ "Microsoft's biggest and most dangerous contribution to the software industry may be the degree to which it has lowered user expectations." --OS/2 Magazine ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- TELNET and SMTP wymerzp (Jul 07)
- RE: TELNET and SMTP Shenk, Jerry A (Jul 07)
- Re: TELNET and SMTP StaticRez (Jul 07)
- Re: TELNET and SMTP Marco Ivaldi (Jul 09)
- Re: TELNET and SMTP Hans-J. Ullrich (Jul 07)
- Re: TELNET and SMTP rajat swarup (Jul 07)
- RE: TELNET and SMTP Richard Lane (Jul 08)
- Re: TELNET and SMTP A. Tom McFrog (Jul 08)
- Re: TELNET and SMTP AdamT (Jul 08)
- <Possible follow-ups>
- RE: TELNET and SMTP Thomas W Shinder (Jul 07)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- RE: TELNET and SMTP Russell Butturini (Jul 09)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- Re: TELNET and SMTP Levenglick, Jeff (Jul 08)