Security Basics mailing list archives

Re: ESMTP service

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 25 Dec 2007 01:41:09 +0100

On 2007-12-24 sisram2 () gmail com wrote:

I'm looking for info on exploits and security of ESMTP when you telnet
into port 25. I understand how to telnet in and send email via the
command line but trying to understand the security implications of
being able to do this. I am currently looking at this on Exchange 5.5.

Does ESMTP from the command line need to be "accessible" for the apps
to work or enabled to troubleshoot?

Are their DDOS attacks or hacks against ESMTP?

Is there a best practice to secure ESMTP

I've been able find info about ESMTP (commands) but not much info on
the potential security risks.


http://www.faqs.org/rfcs/rfc2821.html

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Current thread:

ESMTP service sisram2 (Dec 24)
- Re: ESMTP service Ansgar -59cobalt- Wiechers (Dec 26)
- Re: ESMTP service Sun Z (Dec 26)
  - Re: ESMTP service Ansgar -59cobalt- Wiechers (Dec 27)