Exchange Server Forums


Telnet to 25 and send spoofed internal email?

Telnet to 25 and send spoofed internal email? - 13.Jul.2005 1:14:00 PM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
Is there a way I can stop exchange server 2003 from allowing anyone outside to telnet to port 25 and send spoofed emails to my internal domain?
Post #: 1
RE: Telnet to 25 and send spoofed internal email? - 13.Jul.2005 1:19:00 PM   
a.grogan

 

Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
Hiya, on your SMTP Virtual server - you will be able to set connection restrictions on the security tab to named IP addresses only.

Hope this helps.

A

(in reply to usual)
Post #: 2
RE: Telnet to 25 and send spoofed internal email? - 13.Jul.2005 1:30:00 PM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
Sorry, that didn't really help. Under the virtual server there is no security tabs and the section that looks like what you may be talking about doesn't seem to be what I need.

Anyone from the outside world can telnet to the exchange server on port 25, they receive a banner and can begin to send commands. They can NOT relay mail from external domains, but they CAN spoof internal emails to people in the domain. Something like

HELO
response
MAIL FROM: user@ourinternaldomain.com
response
RCPT TO: user@ourinternaldomain.com
response
DATA
type an email

.

queued

So now anyone in the internal domain can get mail they THINK came from someone else in the company but really came from an external source.

(in reply to usual)
Post #: 3
RE: Telnet to 25 and send spoofed internal email? - 13.Jul.2005 1:59:00 PM   
consultOz

 

Posts: 901
Joined: 11.Mar.2005
From: Virginia, USA
Status: offline
usual,

Go to ESM
Expand Global settings
-------message Delivery Properties
--------Recipient Filtering
Put a check mark on
--------Filter recipients who are not in the directory
--------Click apply

Good to read,
http://www.msexchange.org/tutorials/Sender-Recipient-Filtering.html

http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/3c7bc0e9-c424-4775-8817-4e9a91d77655.mspx

Good Luck, and
Regards,
Oz

(in reply to usual)
Post #: 4
RE: Telnet to 25 and send spoofed internal email? - 18.Jul.2005 9:22:00 AM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
No dice, I guess it's just something that can not be avoided.

(in reply to usual)
Post #: 5
RE: Telnet to 25 and send spoofed internal email? - 18.Jul.2005 1:09:00 PM   
MadMike

 

Posts: 272
Joined: 20.Nov.2001
From: Washington DC
Status: offline
Do you use this SMTP connection for users to send email?

If no, you can set a mask of *@domaininquestion.com to be blocked inbound.

It's not foolproof but will stop a good part.

If you are truly looking for some type of address sender/recipient filtering I would advise you look at a third-party tool to put in front of exchange to do what you are looking for, plus a lot more.

MadMike

(in reply to usual)
Post #: 6
RE: Telnet to 25 and send spoofed internal email? - 18.Jul.2005 1:25:00 PM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
Thank you for the reply. I guess I was just a little confused because it seems like UNIX/Linux MTAs don't seem to be affected by this problem. Is it just an exchange thing? If I telnet to a UNIX MTA it just hangs, no display, no chance to type commands.

(in reply to usual)
Post #: 7
RE: Telnet to 25 and send spoofed internal email? - 19.Jul.2005 12:23:00 PM   
MadMike

 

Posts: 272
Joined: 20.Nov.2001
From: Washington DC
Status: offline
Many MTAs do what Exchange does...

At least the MTA should return the command codes 200 / 250 / 550 for the commands you enter.

Are you sure it's hung? -- It may be configured not to display anything? Also, is there some type of firewall / IPchains on / in front of the unix host in question?

MadMike

(in reply to usual)
Post #: 8
RE: Telnet to 25 and send spoofed internal email? - 19.Jul.2005 12:54:00 PM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
That's what I mean though, whatever is being done to 'hide' or 'block' telnetting to a unix based MTA, can it be done for an exchange MTA, it doesn't appear that it can. Any exchange server I have found just allows anyone to telnet to it. I haven't come across a unix based one that has let me yet. So it makes me curious if there is even a way for exchange to do something like this. The most I have seen done to exchange is the banner being changed.

(in reply to usual)
Post #: 9
RE: Telnet to 25 and send spoofed internal email? - 19.Jul.2005 7:19:00 PM   
a.grogan

 

Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
Usual, apologies for my last post, I was not paying attention.
However, I prevent Telnet access to the SMTP servers in one of my Exchange environments by configuring the Connection Control section of the access tab under the SMTP default server properties.
Essentially I restrict access to only a few - required IP addresses.
Connections from sources outside the assigned range are refused.
Is this what you are looking for?

(in reply to usual)
Post #: 10
RE: Telnet to 25 and send spoofed internal email? - 20.Jul.2005 6:45:00 AM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
I think so, and this will only block telnet? It won't block any mail from outside sources? The only change I want is to block telnet from the outside, possibly leave it open for a few internal addresses.

(in reply to usual)
Post #: 11
RE: Telnet to 25 and send spoofed internal email? - 20.Jul.2005 7:23:00 AM   
a.grogan

 

Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
It will prevent outside servers from connecting to the Virtual SMTP server on port 25.
In my configuration, as I know the IP address of the SMTP server that forwards mail to my domains I only allow that server to 1) Connect 2) Relay mail. - works a treat!

A

(in reply to usual)
Post #: 12
RE: Telnet to 25 and send spoofed internal email? - 20.Jul.2005 7:26:00 AM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
Yeah I can't do that because mail comes here from tons of smtp servers to our exchange server.

(in reply to usual)
Post #: 13
RE: Telnet to 25 and send spoofed internal email? - 20.Jul.2005 8:13:00 AM   
a.grogan

 

Posts: 1887
Joined: 12.Apr.2005
From: London
Status: offline
Do they connect - or simply relay mail - if they do is relay, then you can set the connection restrictions (give it a test first though).

A

(in reply to usual)
Post #: 14
RE: Telnet to 25 and send spoofed internal email? - 20.Jul.2005 3:45:00 PM   
dhenry911

 

Posts: 17
Joined: 9.Mar.2004
From: Texas
Status: offline
Same situation in my shop. I would really like to prevent Telnet clients from connecting to port 25 on the Exchange 2003 server. Let me know if you find a solution.

(in reply to usual)
Post #: 15
RE: Telnet to 25 and send spoofed internal email? - 21.Jul.2005 3:08:00 AM   
jeromeng

 

Posts: 17
Joined: 21.Jul.2005
From: Nigeria
Status: offline
I'm having the same problem in my exchange environment.

I can telnet to ANY exchange mailserver at port 25 and send mail to anyuser@domain as yourboss@domain, this can be used to get sensitive info or give instructions because you will normally act on your boss' orders.

Yahoo refuses telnet at port 25, hotmail lets me in, queues my mail but will not deliver it to the recipient. This is a very bad oversight by MS.

(in reply to usual)
Post #: 16
RE: Telnet to 25 and send spoofed internal email? - 21.Jul.2005 6:50:00 AM   
usual

 

Posts: 20
Joined: 27.Jun.2005
From: New York
Status: offline
Well it seems pretty overlooked by the community as well. As far as letting you know when I find a solution, good luck. I've been asking all over the place for help with this issue and at best I get someone to understand what the problem is. Most people seem to shrug it off. I'm happy some more people are concerned.

[ July 21, 2005, 08:00 AM: Message edited by: usual ]

(in reply to usual)
Post #: 17
RE: Telnet to 25 and send spoofed internal email? - 21.Jul.2005 4:35:00 PM   
dhenry911

 

Posts: 17
Joined: 9.Mar.2004
From: Texas
Status: offline
The latest version of Symantec Anti-virus (9.0) stops telnet to port 25 by default. I have not installed this product but will download an evaluation version and test.

(in reply to usual)
Post #: 18
RE: Telnet to 25 and send spoofed internal email? - 22.Jul.2005 1:06:00 PM   
MadMike

 

Posts: 272
Joined: 20.Nov.2001
From: Washington DC
Status: offline
quote:
Originally posted by jeromeng:
I'm having the same problem in my exchange environment.

I can telnet to ANY exchange mailserver at port 25 and send mail to anyuser@domain as yourboss@domain, this can be used to get sensitive info or give instructions because you will normally act on your boss' orders.

Yahoo refuses telnet at port 25, hotmail lets me in, queues my mail but will not deliver it to the recipient. This is a very bad oversight by MS.

Not wanting to say you are wrong but see below:

myserver:~$ telnet mx1.mail.yahoo.com 25
Trying 67.28.113.10...
Connected to mta-v4.level3.mail.yahoo.com.
Escape character is '^]'.
220 mta111.mail.re2.yahoo.com ESMTP YSmtp service ready

The above was done from my account on my linux server

If you block access to port 25 you will not get emails from outside that server (assuming it uses SMTP to receive email)

(in reply to usual)
Post #: 19
RE: Telnet to 25 and send spoofed internal email? - 22.Jul.2005 10:15:00 PM   
isawader

 

Posts: 119
Joined: 7.Jul.2005
From: US
Status: offline
So you guys think spammers can only use telnet to spoof??????!

What about an actual SMTP server? It's easy to spoof addresses using any SMTP server. Blocking telnet at port 25 is a false sense of security. Besides, as MadMike said, you block port 25, you can't get any emails. Unfortunately, when IEEE came up with the specifications for SMTP protocol, we were living in a peace loving world [Smile] There weren't any scums sending spam emails. Had they envisioned that one day we will have this situation, they would've definitely come up with an alternative (possibly an authentication scheme).

You have two options to prevent these spoofed emails:

First, you can do reverse DNS lookup on the sending MTA before accepting any emails. The drawback is that not all the companies have properly configured their reverse DNS record. So you will end up rejecting hundreds of legitimate emails as spam.

Secondly, you can use SPF. It's the new form of fighting spam.

[ July 22, 2005, 10:19 PM: Message edited by: isawader ]

(in reply to usual)
Post #: 20
