Re: default MTA
On Thursday, June 06, 2013 13:18:39, Bernhard R. Link wrote:
> * Chris Knadle <Chris.Knadle@coredump.us> [130606 14:53]:
> > I'm glad you asked this, because it prompted me to investigate further.
> > This was something I was told was commonly done, but it looks now like
> > it might be a misnomer. I'm not able to find a concrete example of a
> > system that allows SMTP MTA transfers but doesn't allow telnet to the
> > SMTP port. [The instances that seemed to fit the symptoms look like
> > they have more "normal" root causes, such as ISP port 25 filtering.]
> >
> > Because I had repeatedly been told that telnet to the MTA was a security
> > problem, prior to now I had suspected that blocking telnet to SMTP might
> > be possible via firewall filtering that distinguished the "type of
> > service" somehow, but after doing some packet sniffing and examining the
> > resulting packet internals I'm starting to doubt this is possible.
>
> Actually, it is possible to block telnet (and I've seen some ISPs do it).
Okay. I'm going to try to figure out how this is done, as this has been one
of those things "in the back of my mind" for a bit too long.
> In unrelated news, using telnet is a bad idea. If you want to connect to
> some port and see what you get, use netcat.
Yep, netcat looks like the better tool for this. Thanks for the hint!
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
GPG Key: 4096R/0x1E759A726A9FDD74
Reply to: