Question about telnetting into SMTP Server

[infernon]

I'm not sure if this is the right place for this particular subject, but couldn't find an 'E-mail Security' forum, so here goes
If you're able to telnet into an SMTP server on port 25, but not able to run expn or vrfy (M$ Exchange server does not have these features to begin with) or send messages (server not configured to relay) is there anything to worry about?
I'm asking because I recently installed Exchange 2000. I just read an article on finding information out about a particular user when you've got their e-mail address. The article went over the commands above and and a couple of other items. I'm able to telnet into my mail server from the outside, but didn't know if being able to do this alone presented some sort of situation. Is it necessary (or even possible for that matter) to block telnet on port 25? If so, how can this be configured on Exchange 2000?

[HTRegz]

If you service can't be used as a relay, then all you have to do is ensure you keep it up-to-date and patched. There are always exploits out there for SMTP servers, not sure about the Exchange side, but I would imagine there are. Make sure you are protected against those and you'll be fine.

As for blocking just telnet access.... not possible. The client you use operates the same way regardless of what it looks like. It's just that Outlook, Netscape Mail and others know how to properly format the responses they get, with telnet you are getting the raw data.

[Tiger Shark]

You can't block telnet on port 25 since, techically it isn't a telnet session it is an SMTP session and it takes place in the same manner as an SMTP session.

If the server is denying relay then you are good to go......

If you want to check whether a user exists do the following:-

telnet mail.domain.com 25 <ENTER>
helo test.com <ENTER>
mail from: [email protected] <ENTER>
rcpt to: [email protected] <ENTER>

Most servers will reply with a "250 OK" or "250 user ok" or something similar. If it doesn't say it's ok then the user usually doesn't exist. If you want to be more sure replace test.com and [email protected] with valid domain and email for yourself and continue the top bit with:-

data <ENTER>
this is a test. please do not reply I am verifying your email address manually <ENTER>
. <ENTER>

If you receive an NDR then you can be sure they don't exist - if you don't you can be more sure that they do....<s>

[rapier57]

Generally, it is a handy thing to be able to telnet to the SMTP service.

I'm able to telnet into my mail server from the outside, but didn't know if being able to do this alone presented some sort of situation.

But, you need to set your security for it. Not allowing relay is good. Test that only a domain admin or Enterprise admin can telnet in. If a user can telnet in, you got problems. Anyone who can get to an SMTP service directly can spoof user information and send messages directly from the telnet session.

[Tiger Shark]

Rapier: Ok, you got me... and I'm not being a smartass.....

Using only a firewall and a WIN2kserver with Exchange 2000 how would I be able to restrict telnet access to domain admins only. The firewall is unaware of the credentials of the SMTP, (telnet to port 25), session and the SMTP server is likewise unaware of anything untoward, in fact it is really dumb. So since the telnet session appears to be nothing more than an, albeit, slow SMTP connection how can you restrict the access?

Past that, if the SMTP server is "exploit free" and doesn't allow relay there really isn't much more that someone can do other then a little footprinting or sending a message to their boss telling him he "blows" under someone elses name which wouldn't do him much good if the admin looks through the logs 'cos he'll be able to tell the boss immediately that it wan't the "victim" who sent it......