Re: ESMTP service

From: Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
Date: Tue, 25 Dec 2007 01:41:09 +0100

On 2007-12-24 sisram2@xxxxxxxxx wrote:

I'm looking for info on exploits and security of ESMTP when you telnet
into port 25. I understand how to telnet in and send email via the
command line but trying to understand the security implications of
being able to do this. I am currently looking at this on Exchange 5.5.

Does ESMTP from the command line need to be "accessible" for the apps
to work or enabled to troubleshoot?

Are their DDOS attacks or hacks against ESMTP?

Is there a best practice to secure ESMTP

I've been able find info about ESMTP (commands) but not much info on
the potential security risks.

http://www.faqs.org/rfcs/rfc2821.html

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

References:
- ESMTP service
  - From: sisram2

Prev by Date: Re: User access certification
Next by Date: Re: ESMTP service
Previous by thread: ESMTP service
Next by thread: Re: ESMTP service
Index(es):
- Date
- Thread

Relevant Pages

Re: Attachment Limits
... Whether Exchange (or any SMTP server) can determine the message size ... whether the server advertises the possibility of using ESMTP ... whether the client understands ESMTP ... EHLO command to initiate the SMTP session, ...
(microsoft.public.exchange.admin)
how to exploit the ESMTP service
... I'm looking for info on exploits and security of ESMTP when you telnet into ... but trying to understand the security implications of being able to do this. ... Does ESMTP from the command line need to be "accessible" for the apps to ...
(Pen-Test)
Re: Emails stuck in queue error 451 4.4.0 Primary target IP addres
... EHLO is sent when ESMTP is supported. ... From the trasnscript of the TELNET session to the server's port 25 you don't even get a banner so you can't even enter the initial HELO or EHLO command. ...
(microsoft.public.exchange.misc)
ESMTP service
... I'm looking for info on exploits and security of ESMTP when you telnet into ... but trying to understand the security implications of being able to do this. ... Does ESMTP from the command line need to be "accessible" for the apps to ...
(Security-Basics)
problems with Mutt and esmtp
... What happens is that when I run Mutt and hit send, ... I find that when I hit send, Mutt has successfully called esmtp (as ... on the command line I ...
(freebsd-questions)