> Not quite knowing how SMTP vulnerabilities are exploited, I > am assuming that this can not be executed by simply sending ...
In fact it's as nearly as simple as writing an email message! Durring the SMTP-Envelope session the attacker has to specify a mail-from and rcpt-to address and the only thing that must be done is to include in this address the code that should be executed on the server. It's not a simple "format c:" that you can attach to the email-address but the sample exploit does exactly show how to do and with a little bit of knowledge you can also easily become a hacker. Having third-party gateway solutions (Alligate, ASSP, ORF, ...) in front of your server would help but only if your Imail-SMTP-Service is completely unreachable from at least the internet. Markus To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
