"Clarence (Andreas M. Schneider)" wrote:
>
> Rip Toren wrote:
> >
> > OK....
> > I am trying to get a grip on this.
> >
> > The spammer uses this magic URL in his browser. The browser connects to
> > 'host' at port 25, while expecting to implement an FTP login. The remote
> > server picks up the 'SMTP commands here' and the envokes sendmail to
> > send some spam?
> >
> > Is this possibly a configuration problem for the server or the sendmail.
> > I can see where the sendmail would simply see a local forwarding, but I
> > don't follow what the browser does to tie the two (it's input and
> > sendmail) together.
> >
> > Can you go into more detail about the significance of the LineFeed and
> > the SMTP commands?
>
> I do not know details, but try this link:
>
>
>ftp://%0aHELO%20localhost%0aMAIL%20FROM%3a%3cnobody%40mozilla.org%3e%0aRCPT%20TO%3a%3cXXX%3e%0aDATA%0atest%0a.%0aQUIT@YYY:25
>
> Replace XXX with your mail address (e.g. rptoren%40missi.ncsc.mil )
> and YYY with a host accepting mail for you (e.g. stingray.missi.ncsc.mil ).
>
> BTW, what does IE with such a link?
>
> Clarence
I get "Sorry, access to the port number given has been disabled for
security reasons"
--
Jay Garcia - Netscape Champion
Novell MCNE-5/CNI
