what have i found?

i was poking around on this site..trying to find possible exploits(before anyone starts flaming, i was given permission to do so). anyway, i was playing around with the smtp on port 25 and i created a log of what i had made..the log is below..after the log, i stated what i had concluded and my general questions..
----------------

220 websvr.txxx.org ESMTP Service (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready

ehlo txxx.org
250-websvr.txxx.org Hello [my ip address]
250-XEXCH50
250-HELP
250-ETRN
250-DSN
250-SIZE 0
250-AUTH LOGIN
250-AUTH=LOGIN
auth login
334 VXNLcm5hbWU6
auth=login
501 garbled Base64 data
auth Username:
504 Authentication mechanism unsupported
auth VXNLcm5hbWU6
504 Authentication mechanism unsupported
help
214-Commands:
214- HELO MAIL RCPT DATA RSET
214- NOOP QUIT HELP VRFY ETRN
214- XEXCH50 STARTTLS AUTH
214 End of HELP info
---------------------------------
it gave me the garbled Base64 data and i used a decryptor to decipher it. it came out only to say, ' Username:' what is the purpose of having this encrypted in the first place? it seems invaluable. it couldnt be a password could it?? however, i tried this on other sites and i could not use the two commands: 'auth login' and 'auth=login' . the access was restricted. is there a possible hole here? i have tried mr.google and could not find anything....the command 'auth login' would lead me to believe it had something to do with the postmasters login, but it seemed irrelavent. thanks for your time, i am grateful to listen to any possible ideas that it may be.

Quote:

---

auth=login
501 garbled Base64 data

---

it was expecting a base64 encoded response (in this case the '=' is an illegal character).

Quote:

---

it came out only to say, ' Username:' what is the purpose of having this encrypted in the first place

---

it's just a prompt, there really not a big security issue with it being encoded instead of encrypted - as far as why even bother...? without researching it, my guess would be it's either a standard for this method of authentication or just another microsoft quirk/perk (take your pick).

Quote:

---

is there a possible hole here?

---

considering you have the ability to login - sure. considering it's microsoft and you'll be creating a luid with a successful login - you bet. but it's actually intended as a preventative mechanism against anonymous usage (typically where relaying and spam comes from).

What exactly are you trying to do? Log into an SMTP server? I didn't think you could "log" into an SMTP server -- per se. SMTP servers are for sending email. The only commands that the service should require are the HELO, MAIL TO, RCPT, and DATA. The server you're connecting to (websvr.txxx.org) probably is simply not configured to block email relay requests. Most mail servers are configured to block any attempts to send mail (and possibly other commands) unless you are connected to the same subnet as the mail server. This prevents malicious individuals from using your mail server for spam, or for anonymizing.
At least, that's how I understand it.

with esmtp you can restrict the ability to send with a valid login.

a few questions from the replies you gave. you said here that:

auth=login
501 garbled Base64 data
--it was expecting a base64 encoded response (in this case the '=' is an illegal character). --
all i used was one of the commands given to me at the beginning.


and then your response to this:

is there a possible hole here?
--considering you have the ability to login - sure. considering it's microsoft and you'll be creating a luid with a successful login - you bet. but it's actually intended as a preventative mechanism against anonymous usage (typically where relaying and spam comes from).---
how do i have the ability to login? all i have is something that says username: is that like a backdoor?

and this statement:
"with esmtp you can restrict the ability to send with a valid login."
that you gave, all you would need would be a username/password to shutdown the mail sending completly? that seems like a hazard..thanks for your time

Quote:

---

all i used was one of the commands given to me at the beginning.

---

in your original dialog you issued the auth login command, the response to that was:
334 VXNLcm5hbWU6
which is the username prompt. it was expecting a response rather than another command.

Quote:

---

how do i have the ability to login? all i have is something that says username: is that like a backdoor?

---

not a backdoor - just an authentication mechanism. it's no different in purpose than say BASIC authentication on a web server. it simply identifies you as a user on the system.

Quote:

---

all you would need would be a username/password to shutdown the mail sending completly? that seems like a hazard

---

as far as i know there are not any official management commands available through esmtp. although, i'm sure someone has implemented it somewhere. the reason for requiring a username and password are not to manage the service but to be able to send mail through it. in this way unauthorized user's can't use the service for spam or relaying purposes.

Quote:

---

as far as i know there are not any official management commands available through esmtp.

---

Try typing HELP at the prompt after you connect. If ESMTP is anything like standard unix SMTP, then it will list all the available commands for you.

In fact, one of the RED HAT machines that I connect to occasionally uses ESTMP....here's what I got when I typed HELP:

Quote:

---

214-2.0.0 This is sendmail version 8.11.2
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation send email to
214-2.0.0 [email protected].
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info

---

Everything In caps are commands.

i showed all the commands i got in my log when i used help....look closely . thanks fellas for your answers..i appreciate it