One other thing to add to this. Ipswitch in their brilliance, decided
to make a default password of "password" for any newly created account
including root. One must take great care to change these otherwise
they can become susceptible to AUTH hacking with a great deal of ease,
and you then become essentially an open relay even though you are
configured not to be.
Matt
Dan Horne wrote:
Orin Wells <> wrote on Thursday, September 08, 2005 1:15 AM:
Regarding telnet - apparently there is a problem with windows 2003
and iMail. If my source is correct one can telnet into a Windows
2003 system running iMail (pick a version) on port 25 and get by the
authentication. Again, my source told me that neither Micosoft nor
Ipswitch has come up with a way to stop this. It appears only to be
a problem on Windows 2003, not Windows 2000.
This is FUD and is patently false. Telnetting on port 25 is not true
"telnet" which runs on port 23. When you connect on port 25 you are
connecting to an SMTP session just like any other SMTP server. It is
not possible to bypass Authentication in this manner. If your source is
trying to do this from your network, and you have your network in the
"relay mail for addresses" list, then no authentication is necessary.
The proper way to test this would be to make the attempt from an outside
network. If you have your relay settings set to anything other than "No
mail relay" or "relay for addresses", then no authentication is
necessary from any network and you ARE an open relay. Your source has
his facts wrong. The OS (windows 2003/2000) has nothing to do with
Imail's SMTP service and whether it requires auth.
Dan Horne
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
|
- Re: [Declude.JunkMail] OT - iMail 7.x and Win... Matt
-
