Hey Guys!

What can I say... it has been a very slow week at work, so I have way too much time on my hands. The second protocol I want to bring to light is SMTP (Simple Mail Transport Protocol). This is also a fundamental protocol that most users benefit from without realizing it. SMTP is connectionless and requires no authentication by default. Some software has its own built-in SMTP engine, but most of us have to live with going through a handout from our service providers.

What makes this protocol interesting is the fact that it gives us the ability to be anonymous while sending e-mail. Since no authentication is done, we can be whoever we want to be. By using a function called mail relay and some telnet, this can easily be achieved. The slang word for doing this is "spam". For a while most SMTP servers were wide open to relay, and the world of spam came to life. Fortunately, the industry caught hold of this and is still doing its best to put a hammer to those that would make a mockery of the e-mail system. We will get to that in a minute.

Most service providers (large and common ones) will block port 25 for a particular subnet (do you remember your access lists still?) and hamper you from being able to connect to any SMTP server, whether or not it would allow relay. How do they do this? Simple: they use XML coding so they can send mail over HTTP (port 80). Ever hear of Hotmail?

Regardless, if you are lucky enough to grab a service provider that does not have restrictions on port 25, you will be able to hunt down SMTP servers and find those that allow complete relay. Do this by searching for any hosts listening on port 25 and then telnet into that server via that port. When you log in you should be able to authenticate (falsely, of course) by typing helo whatever.com. If successful, you will receive a reply from the server actually welcoming you into the service, and you are on your way.
There is a pretty good tutorial on this at astalavista.com.

Now, since we are security-minded people, I am hoping that you are reading this in order to find a way to secure your mail servers. So, we know we cannot block port 25 because we need to be able to transfer traffic. Almost every version of SMTP software (NTMAIL etc.) will give you the option to deny relay from one server to the other. The only time you even need to relay is if you plan on moving all messages sent from your server to another (like a main host). Even then, I would restrict that relay to the specific IP of the actual server itself. There are also, I believe, many built-in spam guards for most professional versions of SMTP servers.

Regardless, this is another simple protocol that can be a pain if not taken seriously. I hope this wraps it up for this post (I feel like going on to something more tricky).

Thanks for the time,


Cordially,

Sp1d3r
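
The relay restriction recommended in the post, modelled as the decision a mail server makes for each recipient. This is an added example, not part of the original post and not taken from any particular mail server; the domain, the IP addresses and the function names are assumptions constructed for illustration.

```python
"""Model of the relay decision an SMTP server makes for each RCPT TO."""
import ipaddress

# Constructed sample values (assumptions, not from the post).
LOCAL_DOMAINS = {"example.org"}                          # domains we accept mail for
RELAY_ALLOWED = [ipaddress.ip_network("192.0.2.10/32")]  # the one host allowed to relay


def rcpt_domain(address):
    """Return the lowercased domain of a recipient address, or None if malformed."""
    address = address.strip().strip("<>")
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def relay_decision(client_ip, rcpt, local_domains=LOCAL_DOMAINS, allowed=RELAY_ALLOWED):
    """Return (smtp_code, reason) for one recipient.

    The HELO name and the MAIL FROM address are deliberately not inputs:
    both are supplied by the client without authentication, so only the
    connecting IP and the recipient domain decide whether mail is relayed.
    """
    domain = rcpt_domain(rcpt)
    if domain is None:
        return 501, "malformed recipient address"
    if domain in local_domains:
        return 250, "local delivery"      # inbound mail for our own users
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in allowed):
        return 250, "relay permitted for listed host"
    return 550, "relaying denied"         # everyone else, whatever they claim


def audit(allowed):
    """List relay allow-list entries that cover more than a single host."""
    return [str(net) for net in allowed if net.num_addresses > 1]


if __name__ == "__main__":
    for ip, rcpt in [("203.0.113.5", "bob@example.org"),
                     ("203.0.113.5", "someone@elsewhere.test"),
                     ("192.0.2.10", "someone@elsewhere.test")]:
        print(ip, rcpt, relay_decision(ip, rcpt))
```
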