Can NT4 SMTP Service be misused for mail spamming

From: st0ff st0ff (if0ff_at_YAHOO.COM)
Date: 08/25/03

  • Next message: Vladimir Markovic: "W2K SP4 bug on DCs"
    Date:         Mon, 25 Aug 2003 05:38:53 -0700

    Hi List
    I'm became aware, that it is possible to relay mails
    on a fully patched NT4 box. The SMTP service, which is
    part of the optionpack is the subject matter.

    I've installed SP6a with the SRP Q299444 and the
    newest IIS cumulative patch Q811114. The configuration
    disallow to relay mails on this server, except for the

    If I send an email as follows, the mail is going to be

    > telnet 25
    Connected to
    Escape character is '^]'. Microsoft SMTP MAIL ready at Wed, 25
    Aug 2003 10:50:27 +0200 Version: 5.5.1877.197.19 220
    ESMTP spoken here helo localhost
    250 Hello []
    mail from:
    250 OK
    rcpt to: ""
    250 ""
    354 Start mail input; end with <CRLF>.<CRLF>
    subject: spamtest
    250 0892a4350054683343212 Queued mail for delivery
    221 Service closing transmission channel
    Connection closed by foreign host.

    Is that a bug, a misconfiguration or did I miss a

    Thanks a lot


    Do you Yahoo!?
    Yahoo! SiteBuilder - Free, easy-to-use web site design software

    Whatever Happened to Octopus?

    LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
    replication performance that's 5X faster than the competition in an
    independent head-to-head test. Learn how RepliStor uses patented,
    asynchronous, real-time replication, to deliver disaster recovery, data
    distribution and consolidated backups. It is the first replication solution
    to achieve Windows 2003 certification. Get the performance report now.


  • Next message: Vladimir Markovic: "W2K SP4 bug on DCs"