Security Basics mailing list archives

Re: mail server vulnerability


From: Patrick J Kobly <patrick () kobly com>
Date: Fri, 20 Feb 2009 11:28:34 -0700

praveen_recker () sify com wrote:
> Hi Abhishek,
>
> You can try connecting to the SMTP server using telnet, say
> c:/>telnet smtp_ip 25
> this should not be successful....so system admins should block TELNET to SMTP servers.

Wha'? So... if an MTA / MX cannot be connected to on port 25, how
exactly will it do its job?  (Or are you suggesting that the server
should be able to magically tell that it's being connected to by telnet,
rather than by another MTA / MUA?)

The OP was talking about the ability to send mail anonymously.

Part of what the OP was asking was how to test if the mail server is an
open relay. 

http://www.abuse.net/relay.html

Is a great tool for testing this.

Probably want to verify as well, for mail servers that are relaying mail
from your internal network (MSA), that they require auth before relaying
(POP before SMTP or SMTP AUTH) even on messages relayed from your
internal network...  This is where the discussion around sending email
with telnet might be helpful, though the use of mail(1) in a *NIX
environment would do just as well...

> If successful this gives u the banner. Based upon version and vendor search for any exploits available for free
> (refer milw0rm, metasploit etc) if u have commercial tools(coreimpact, saint etc) it's well and good.
> If u are good at Perl develop ur own script and start sending attacks by changing USER names, DOMAIN names etc to
> overly long strings, format specifiers etc.

Don't really know that exploitation of bugs is quite what the OP was
looking for, so much as misconfiguration of the MTA/MX/MSA...

PK

-- 
Patrick Kobly, CISSP
T: 403-274-9033
C: 403-463-6141
F: 866-786-9459
56 388 Sandarac Dr NW
Calgary, Alberta
T3K 4E3
http://www.kobly.com
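
The check discussed in the message above (does the server relay for an outside recipient without authentication?), written as an added example that is not part of the original post. The function name, the `ScriptedServer` stand-in, the verdict labels and the example.org/example.net addresses are assumptions made for illustration; the replies are constructed so the block runs offline.

```python
import smtplib  # used only by the live run sketched at the bottom

def check_unauth_relay(conn, mail_from, rcpt_to):
    """Without authenticating, ask the server to take mail for an outside
    recipient. Stops after RCPT TO and resets, so no message is sent."""
    conn.ehlo()
    result = {"offers_auth": conn.has_extn("auth"), "rcpt_code": None}
    code, _ = conn.mail(mail_from)
    if code >= 400:
        result["verdict"] = "sender-refused"
    else:
        code, _ = conn.rcpt(rcpt_to)
        result["rcpt_code"] = code
        if code in (250, 251):
            result["verdict"] = "accepts-unauthenticated-relay"
        elif code == 530:
            result["verdict"] = "auth-required"
        elif 500 <= code < 600:
            result["verdict"] = "relay-denied"
        else:  # 4xx: greylisting or a temporary failure
            result["verdict"] = "inconclusive"
    conn.rset()
    return result

class ScriptedServer:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, rcpt_reply, auth=True):
        self.rcpt_reply, self.auth = rcpt_reply, auth
    def ehlo(self): return (250, b"mail.example.org")
    def has_extn(self, name): return self.auth and name.lower() == "auth"
    def mail(self, sender): return (250, b"2.1.0 Ok")
    def rcpt(self, recip): return self.rcpt_reply
    def rset(self): return (250, b"2.0.0 Ok")

def demo():
    replies = {  # constructed RCPT TO replies, one per server configuration
        "open relay": (250, b"2.1.5 Ok"),
        "auth enforced": (530, b"5.7.0 Authentication required"),
        "relay denied": (554, b"5.7.1 Relay access denied"),
        "greylisted": (450, b"4.2.0 Try again later"),
    }
    return {name: check_unauth_relay(ScriptedServer(r), "probe@example.org",
                                     "someone@example.net")["verdict"]
            for name, r in replies.items()}

if __name__ == "__main__":
    # Live use against a server you administer (host name is a placeholder):
    #   with smtplib.SMTP("mail.example.org", 25, timeout=10) as c:
    #       print(check_unauth_relay(c, "probe@example.org", "someone@example.net"))
    print(demo())
```

A 250 at RCPT TO is a strong signal but not proof of delivery, since some servers accept the recipient and reject later. Running the check once from outside and once from the internal network covers both the MX and the MSA case raised in the message.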

 

