Re: default MTA
* Chris Knadle <Chris.Knadle@coredump.us> [130606 14:53]:
> I'm glad you asked this, because it prompted me to investigate further. This
> was something I was told was commonly done, but it looks now like it might be
> a misnomer. I'm not able to find a concrete example of a system that allows
> SMTP MTA transfers but doesn't allow telnet to the SMTP port. [The instances
> that seemed to fit the symptoms look like they have more "normal" root causes,
> such as ISP port 25 filtering.]
>
> Because I had repeatedly been told that telnet to the MTA was a security
> problem, prior to now I had suspected that blocking telnet to SMTP might be
> possible via firewall filtering that distinguished the "type of service"
> somehow, but after doing some packet sniffing and examining the resulting
> packet internals I'm starting to doubt this is possible.

Actually, it is possible to block telnet (and I've seen some ISPs do it).

In unrelated news, using telnet is a bad idea. If you want to connect to some
port and see what you get, use netcat.
Telnet is not a tool to show things coming from a port but a tool to
speak the telnet protocol.

Bernhard R. Link