Question about telnetting into SMTP Server

  1. #1

    Question about telnetting into SMTP Server

    I'm not sure if this is the right place for this particular subject, but couldn't find an 'E-mail Security' forum, so here goes.
    If you're able to telnet into an SMTP server on port 25, but not able to run expn or vrfy (M$ Exchange server does not have these features to begin with) or send messages (server not configured to relay) is there anything to worry about?
    I'm asking because I recently installed Exchange 2000. I just read an article on finding information out about a particular user when you've got their e-mail address. The article went over the commands above and a couple of other items. I'm able to telnet into my mail server from the outside, but didn't know if being able to do this alone presented some sort of situation. Is it necessary (or even possible for that matter) to block telnet on port 25? If so, how can this be configured on Exchange 2000?

  2. #2
    Senior Member | Join Date: Jan 2003 | Posts: 3,914
    If your service can't be used as a relay, then all you have to do is ensure you keep it up-to-date and patched. There are always exploits out there for SMTP servers, not sure about the Exchange side, but I would imagine there are. Make sure you are protected against those and you'll be fine.

    As for blocking just telnet access.... not possible. The client you use operates the same way regardless of what it looks like. It's just that Outlook, Netscape Mail and others know how to properly format the responses they get, with telnet you are getting the raw data.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    AO Ancient: Team Leader | Join Date: Oct 2002 | Posts: 5,197
    You can't block telnet on port 25 since, technically, it isn't a telnet session, it is an SMTP session and it takes place in the same manner as an SMTP session.

    If the server is denying relay then you are good to go......

    If you want to check whether a user exists do the following:-

    telnet mail.domain.com 25 <ENTER>
    helo test.com <ENTER>
    mail from: test@test.com <ENTER>
    rcpt to: whoever@domain.com <ENTER>

    Most servers will reply with a "250 OK" or "250 user ok" or something similar. If it doesn't say it's ok then the user usually doesn't exist. If you want to be more sure replace test.com and test@test.com with valid domain and email for yourself and continue the top bit with:-

    data <ENTER>
    this is a test. please do not reply I am verifying your email address manually <ENTER>
    . <ENTER>

    If you receive an NDR then you can be sure they don't exist - if you don't you can be more sure that they do....<s>
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Banned | Join Date: Apr 2003 | Posts: 1,146
    Generally, it is a handy thing to be able to telnet to the SMTP service.

    I'm able to telnet into my mail server from the outside, but didn't know if being able to do this alone presented some sort of situation.
    But, you need to set your security for it. Not allowing relay is good. Test that only a domain admin or Enterprise admin can telnet in. If a user can telnet in, you got problems. Anyone who can get to an SMTP service directly can spoof user information and send messages directly from the telnet session.

  5. #5
    AO Ancient: Team Leader | Join Date: Oct 2002 | Posts: 5,197
    Rapier: Ok, you got me... and I'm not being a smartass.....

    Using only a firewall and a WIN2kserver with Exchange 2000 how would I be able to restrict telnet access to domain admins only. The firewall is unaware of the credentials of the SMTP, (telnet to port 25), session and the SMTP server is likewise unaware of anything untoward, in fact it is really dumb. So since the telnet session appears to be nothing more than an, albeit, slow SMTP connection how can you restrict the access?

    Past that, if the SMTP server is "exploit free" and doesn't allow relay there really isn't much more that someone can do other than a little footprinting or sending a message to their boss telling him he "blows" under someone else's name which wouldn't do him much good if the admin looks through the logs 'cos he'll be able to tell the boss immediately that it wasn't the "victim" who sent it......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
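
Post #5 points out that the admin can look through the logs. As an added example (not part of the original thread), this sketch flags clients that issue several RCPT TO commands in a row but never send DATA, the address-checking pattern shown in post #3. The log layout, the sample lines and the name `probing_clients` are constructed for illustration; this is not Exchange's own log format.

```python
import re
from collections import defaultdict

# Constructed sample: "timestamp client-ip verb argument reply-code".
# Assumed layout for this example only; adapt LINE to your server's real logs.
SAMPLE_LOG = """\
2003-05-01T10:00:01 203.0.113.7 HELO test.com 250
2003-05-01T10:00:02 203.0.113.7 MAIL FROM:<test@test.com> 250
2003-05-01T10:00:03 203.0.113.7 RCPT TO:<alice@domain.com> 250
2003-05-01T10:00:04 203.0.113.7 RCPT TO:<bob@domain.com> 550
2003-05-01T10:00:05 203.0.113.7 RCPT TO:<carol@domain.com> 550
2003-05-01T10:00:06 203.0.113.7 RCPT TO:<dave@domain.com> 550
2003-05-01T10:00:07 203.0.113.7 QUIT - 221
2003-05-01T10:05:00 198.51.100.20 HELO mail.example.net 250
2003-05-01T10:05:01 198.51.100.20 MAIL FROM:<pat@example.net> 250
2003-05-01T10:05:02 198.51.100.20 RCPT TO:<alice@domain.com> 250
2003-05-01T10:05:03 198.51.100.20 DATA - 354
2003-05-01T10:05:04 198.51.100.20 QUIT - 221
"""

LINE = re.compile(r"^(\S+) (\S+) (\w+) (\S+) (\d{3})$")

def probing_clients(log_text, min_rcpt=3):
    """Return {client_ip: counts} for clients that tested at least
    min_rcpt recipients but never got as far as sending a message."""
    stats = defaultdict(lambda: {"rcpt": 0, "rejected": 0, "data": 0})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip unparseable lines rather than guess at them
        _ts, ip, verb, _arg, code = m.groups()
        verb = verb.upper()
        if verb == "RCPT":
            stats[ip]["rcpt"] += 1
            if code.startswith("5"):  # permanent failure, e.g. unknown user
                stats[ip]["rejected"] += 1
        elif verb == "DATA" and code == "354":  # server agreed to accept a message
            stats[ip]["data"] += 1
    return {
        ip: {"rcpt": s["rcpt"], "rejected": s["rejected"]}
        for ip, s in stats.items()
        if s["rcpt"] >= min_rcpt and s["data"] == 0
    }

if __name__ == "__main__":
    for ip, counts in probing_clients(SAMPLE_LOG).items():
        print(ip, counts)
```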
