[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: default MTA

* Chris Knadle <Chris.Knadle@coredump.us> [130606 14:53]:
> I'm glad you asked this, because it prompted me to investigate further.  This 
> was something I was told was commonly done, but it looks now like it might be 
> a misnomer.  I'm not able to find a concrete example of a system that allows 
> SMTP MTA transfers but doesn't allow telnet to the SMTP port.  [The instances 
> that seemed to fit the symptoms look like they have more "normal" root causes, 
> such as ISP port 25 filtering.]
> 
> Because I had repeatedly been told that telnet to the MTA was a security 
> problem, prior to now I had suspected that blocking telnet to SMTP might be 
> possible via firewall filtering that distinguished the "type of service" 
> somehow, but after doing some packet sniffing and examining the resulting 
> packet internals I'm starting to doubt this is possible.

Actually, it is possible to block telnet (and I've seen some ISPs do it).

In unrelated news, using telnet is a bad idea. If you want to connect to some
port and see what you get, use netcat.
Telnet is not a tool to show things coming from a port but a tool to
speak the telnet protocol.

        Bernhard R. Link
Reply to: