New
#1
TELNET and email security SEND email without password
Hi folks
seems some servers can allow telnet on the ISP / remote email server's port 25 without you having to enter a password -- and you can send an email
Not sure what these commercial ISP servers do but is there anyway to block this if using your own domain / hosting servers email systems. Just making use of telnet difficult doesn't to me seem a sufficient answer.
I tried this (as normal user not admin).
telnet <smtp servername 25>
EHLO <servername>
mail from: <email address> (don't forget the ':')
rcpt to: <target email address>
DATA now wait for the go ahead response (354 go ahead)
subject: <subject> e.g test from telnet.
enter a blank line
then your email text plus a blank line or two
finish with a single '.' (full stop) on a new line
you should get something like 250 message accepted
then QUIT
you'll get 221 smtpout.<url>
connection closed by foreign host.
Now check say with outlook and you'll find your email message assuming as test you sent it to a mailbox which you have access to.
Seems a bit of a security flaw here. Or certainly possibly a spammers paradise !!!.
Any ideas on how to beef up the security - especially if it's on say a domain you own. Not sure if there's anything you can do though on ISP email servers.
Cheers
jimbo