RE: Telnet to 25 and send spoofed internal email?
RE: Telnet to 25 and send spoofed internal email? - 24.Jul.2005 11:08:00 AM
Jolo
Posts: 83
Joined: 6.Nov.2004
From: Brunei
Status: offline
|
How about changing the SMTP banner?
You can edit your IIS Metabase for the virtual machine. You can download the IIS 6 Metabase Resource Kit from http://www.microsoft.com/iis.
Here are the steps.
1. Using the resource kit, locate the SMTP virtual server you want to modify, the \Lm\Smtpsvc\1 folder.
2. Highlight the 1 folder and click Edit => New => String Record.
3. In the record window, in the Record Windows or Identifier textbox, enter 36907.
4. Click OK to close the new record, then highlight the newly created record (ConnectResponse) in the list. Double-click on it, then enter the banner info that you want to show, or just remove the banner. Click OK. Then you need to restart the SMTP service.
I just did this on ours; telnetting to it externally doesn't show anything.
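
A check of what the server still discloses after the banner edit above (added example, not part of the original post): it scans the server's reply lines from a captured session for product names in the 220 greeting and for ESMTP keywords specific to Exchange. The session text is constructed, and the keyword list is an assumption covering extensions that Exchange 2003 advertises.

```python
import re

# Constructed capture of the server's reply lines from one session.
SAMPLE_SESSION = """\
220 mail.corp.example ESMTP ready
250-mail.corp.example Hello [203.0.113.55]
250-SIZE 10485760
250-X-EXPS GSSAPI NTLM LOGIN
250-XEXCH50
250-X-LINK2STATE
250 OK
"""

# Tokens that name the product in a greeting, and ESMTP keywords that are
# specific to Exchange/IIS SMTP regardless of the greeting text (assumed list).
BANNER_TOKENS = re.compile(r"microsoft|exchange|smtpsvc|version[: ]+\d", re.I)
VENDOR_KEYWORDS = {"X-EXPS", "XEXCH50", "X-LINK2STATE"}

def audit_session(text):
    """Return a list of (reply_code, line, reason) disclosures."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m:
            continue
        code, _, rest = m.groups()
        if code == "220" and BANNER_TOKENS.search(rest):
            findings.append((code, rest, "greeting names the software"))
        elif code == "250":
            # First word of the reply, cut at a space or "=" (X-EXPS=LOGIN).
            keyword = re.split(r"[ =]", rest.strip(), maxsplit=1)[0].upper()
            if keyword in VENDOR_KEYWORDS:
                findings.append((code, rest, "vendor-specific ESMTP keyword"))
    return findings
```

On the sample, the edited greeting passes but three EHLO reply lines are still reported, so the banner change alone does not hide the platform.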
RE: Telnet to 25 and send spoofed internal email? - 24.Jul.2005 9:27:00 PM
isawader
Posts: 119
Joined: 7.Jul.2005
From: US
Status: offline
|
After you telnet <server> 25, type this:
HELO or EHELO
What do you get?
RE: Telnet to 25 and send spoofed internal email? - 5.Aug.2005 10:55:00 AM
Jolo
Posts: 83
Joined: 6.Nov.2004
From: Brunei
Status: offline
|
Nothing! It goes back to the DOS prompt in my case...
RE: Telnet to 25 and send spoofed internal email? - 17.Aug.2005 5:55:00 PM
Guest
|
SMTP uses the telnet protocol on port 25 for its message transfer. If you block manual telnets, then you block normal SMTP communication as well.
The reason you may get blocked on some servers are their anti-spam measures. For instance, if I manually telnet to one of those and type this:
HELO YAHOO.COM
Their mail server will check the IP I used, and compare it with the reverse DNS of YAHOO.COM. If they don't match, they drop the connection.
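
One reading of the HELO check described above, as an added example that is not part of the original post: the claimed name must resolve to the connecting IP, and the IP's PTR record should match it. The DNS tables are constructed stand-ins for real lookups, and the verdict names are hypothetical.

```python
import ipaddress

# Constructed DNS data standing in for live A and PTR lookups.
FORWARD = {"mail.example.org": ["192.0.2.10"], "yahoo.com": ["198.51.100.7"],
           "mx2.example.org": ["192.0.2.11"]}
REVERSE = {"192.0.2.10": "mail.example.org", "192.0.2.11": "host11.example.org",
           "203.0.113.55": "dsl-55.isp.example"}

def check_helo(client_ip, helo_name, forward=FORWARD, reverse=REVERSE):
    """Return (verdict, reason) for a HELO name claimed by client_ip."""
    name = helo_name.strip().rstrip(".").lower()
    ip = str(ipaddress.ip_address(client_ip))  # raises ValueError on junk input
    # An address literal such as [192.0.2.10] must equal the peer address.
    if name.startswith("[") and name.endswith("]"):
        ok = name[1:-1] == ip
        return ("accept" if ok else "reject", "address literal")
    if "." not in name:
        return ("reject", "HELO is not a fully qualified name")
    if ip not in forward.get(name, []):
        return ("reject", "HELO name does not resolve to the client IP")
    ptr = reverse.get(ip, "").rstrip(".").lower()
    if ptr != name:
        return ("suspect", "PTR record differs from HELO name")
    return ("accept", "forward and reverse DNS agree")
```

A client at 203.0.113.55 announcing `HELO YAHOO.COM` is rejected because the name does not resolve to its address.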
RE: Telnet to 25 and send spoofed internal email? - 23.Aug.2005 5:18:00 PM
Guest
|
I realize that this doesn't disable it, but you can at least make it harder for someone to identify what you are running. Check out this article. http://www.iisfaq.com/?View=A385&P=109
Also, if you are running a Cisco firewall (I am using a 515e) there is a fixup available that will do exactly what you are asking for...haven't been able to find anything natively in Exchange 2003 yet.
RE: Telnet to 25 and send spoofed internal email? - 24.Aug.2005 1:11:00 PM
kemerson
Posts: 2
Joined: 24.Aug.2005
From: San Francisco
Status: offline
|
Is there a way I can stop Exchange Server 2003 from allowing anyone outside to telnet to port 25 and send spoofed emails to my internal domain?
I don't know about blocking all traffic on port 25, but you could block 99% of it. Just use an outside company to have your domain's mail go to, so MX records for your domain go there. Then, allow traffic on port 25 to only come from that outside company's IP addresses. There are several companies that do this, just look on Google.
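
To confirm that the restriction described above is holding, the SMTP log can be reviewed for direct connections (added example, not part of the original post). The relay ranges, the domain corp.example and the simplified log layout are constructed assumptions, not Exchange's own log format.

```python
import ipaddress
import re

# Assumptions (constructed): the filtering provider's ranges and our domain.
RELAY_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "192.0.2.64/29")]
INTERNAL_DOMAINS = {"corp.example"}

# Constructed sample lines in a simplified "date time client-ip command" layout.
SAMPLE_LOG = """\
2005-08-24 13:02:11 198.51.100.5 MAIL FROM:<news@partner.example>
2005-08-24 13:04:40 203.0.113.55 MAIL FROM:<boss@corp.example>
2005-08-24 13:05:02 198.51.100.9 MAIL FROM:<boss@corp.example>
2005-08-24 13:06:30 203.0.113.80 MAIL FROM:<someone@other.example>
2005-08-24 13:07:00 203.0.113.81 MAIL FROM:<>
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) MAIL FROM:\s*<([^>]*)>", re.I)

def from_relay(ip):
    """True when the client address belongs to the filtering provider."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RELAY_NETS)

def review(log_text):
    """Return (timestamp, ip, sender, finding) for every MAIL FROM line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, ip, sender = m.groups()
        domain = sender.rpartition("@")[2].lower()
        if from_relay(ip):
            finding = "via-relay"         # arrived through the provider
        elif domain in INTERNAL_DOMAINS:
            finding = "spoofed-internal"  # direct connection claiming our domain
        else:
            finding = "bypassed-mx"       # direct connection the firewall should drop
        findings.append((when, ip, sender, finding))
    return findings
```

Any `spoofed-internal` or `bypassed-mx` finding means a host outside the provider's ranges still reached port 25.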
RE: Telnet to 25 and send spoofed internal email? - 14.Sep.2005 12:34:52 PM
akaljian
Posts: 7
Joined: 12.Aug.2004
From: Toronto
Status: offline
|
Our client is using an external host for POP mail and we are using a POP connector to our E2k3 server, and by restricting the IP connections (which I learned to do through this thread specifically), I've been able to block out the telnet spoofing which we had a serious issue with recently. To add a further question, is there a way to track the original IP from a spoofed message that already came through the POP connector to the server? We have an email that is a spoof of the boss, but the header only shows the E2k3 server internal IP so we can trace the IP directly that sent this message originally. Basically, I want to know if E2k3 stores the original header somewhere and if it's possible to read it OR if by the sheer fact that the POP connector downloads the message to the server, the original header is gone and only the ISP who is hosting would have that kind of record. I'm just trying to confirm either viewpoint because the client hired an "expert" and he couldn't answer the question; instead he played with telnet security options..... Any help would be appreciated.
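
When a message's full Internet headers are available, the Received chain can be read as follows (added example, not part of the original post; the message, hostnames and trusted-host list are constructed). It reports the oldest client IP recorded by a server you trust, since lines below that point can be forged by the sender.

```python
import email
import ipaddress
import re

# Constructed message; hostnames and addresses are documentation values.
RAW = """\
Received: from pop.isp.example ([192.0.2.30]) by exch01.corp.example
\twith Microsoft SMTPSVC; Wed, 14 Sep 2005 09:01:10 -0400
Received: from yahoo.com (unknown [203.0.113.55]) by mx.isp.example
\twith SMTP id def456; Wed, 14 Sep 2005 08:59:58 -0400
Received: from internal (localhost [10.9.9.9]) by relay.fake.example
\twith SMTP; Wed, 14 Sep 2005 08:00:00 -0400
From: "The Boss" <boss@corp.example>
To: staff@corp.example
Subject: urgent

body
"""

# "from <claimed name> ... [<peer IP>] ... by <recording server>"
HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f:.]+)\].*?\bby\s+(\S+)", re.S)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_hops(raw):
    """Return (from_host, ip, by_host) per Received header, newest first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append((m.group(1), m.group(2), m.group(3).rstrip(";").lower()))
    return hops

def earliest_trusted_ip(raw, trusted_hosts):
    """Oldest non-internal client IP that was recorded by a trusted server."""
    result = None
    for _from_host, ip, by_host in received_hops(raw):
        if by_host not in trusted_hosts:
            break  # lines below this one may have been written by the sender
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # bracketed text that is not an address
        if not any(addr in net for net in INTERNAL):
            result = (ip, by_host)
    return result
```

With only the local server trusted the result is the ISP's POP host; adding the ISP's mail server to the trusted set yields 203.0.113.55, and a message carrying only an internal hop returns `None`.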