Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Reject mail sent from SMTP commands
1 view
Skip to first unread message
Rachid Abdelkhalak
Feb 7, 2012, 8:38:19 AM2/7/12
to
Hello Postfix users,
It is possible to tell to postfix to stop accept sending mails from SMTP
commands executed from a telnet server 25 ?
Even if the mails are sent from or to relayed domain !!
Thank you
Ralf Hildebrandt
Feb 7, 2012, 8:41:56 AM2/7/12
to
* Rachid Abdelkhalak <rac...@mtds.com>:
restart postfix.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hil...@charite.de | http://www.charite.de
>
> Hello Postfix users,
>
> It is possible to tell to postfix to stop accept sending mails from
> SMTP commands executed from a telnet server 25 ?
Yes, simply comment out the "smtp ... smtpd" line in master.cf and
> Hello Postfix users,
>
> It is possible to tell to postfix to stop accept sending mails from
> SMTP commands executed from a telnet server 25 ?
restart postfix.
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hil...@charite.de | http://www.charite.de
/dev/rob0
Feb 7, 2012, 8:53:11 AM2/7/12
to
On Tue, Feb 07, 2012 at 01:38:19PM +0000, Rachid Abdelkhalak wrote:
> It is possible to tell to postfix to stop accept sending mails
> from SMTP commands executed from a telnet server 25 ?
>
> It is possible to tell to postfix to stop accept sending mails
> from SMTP commands executed from a telnet server 25 ?
>
> Even if the mails are sent from or to relayed domain !!
What is the goal? If the goal is merely to distinguish between
regular mailer software and someone sitting at a terminal using
telnet(1) as a client, this is not possible. It is also silly to
think you will gain anything from making that distinction.
There was a recent thread on this list about this: January or
December.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Noel Jones
Feb 7, 2012, 9:02:54 AM2/7/12
to
On 2/7/2012 7:38 AM, Rachid Abdelkhalak wrote:
>
> Hello Postfix users,
But I really would like to know why you ask. Did you read some
article that suggested this? Did some security audit flag this as a
vulnerability?
[1] careful packet timing analysis (outside of postfix) might allow
you to "guess" that a session is hand-typed, but blocking that gains
you nothing since there are many command line tools that would
easily fool such analysis.
-- Noel Jones
>
> Hello Postfix users,
>
> It is possible to tell to postfix to stop accept sending mails from
> SMTP commands executed from a telnet server 25 ?
No, it's not possible[1], and not desirable.
> It is possible to tell to postfix to stop accept sending mails from
> SMTP commands executed from a telnet server 25 ?
But I really would like to know why you ask. Did you read some
article that suggested this? Did some security audit flag this as a
vulnerability?
[1] careful packet timing analysis (outside of postfix) might allow
you to "guess" that a session is hand-typed, but blocking that gains
you nothing since there are many command line tools that would
easily fool such analysis.
-- Noel Jones
/dev/rob0
Feb 7, 2012, 9:18:55 AM2/7/12
to
On Tue, Feb 07, 2012 at 07:53:11AM -0600, I wrote:
> On Tue, Feb 07, 2012 at 01:38:19PM +0000, Rachid Abdelkhalak
> wrote:
> On Tue, Feb 07, 2012 at 01:38:19PM +0000, Rachid Abdelkhalak
> wrote:
> > It is possible to tell to postfix to stop accept sending
> > mails from SMTP commands executed from a telnet server 25 ?
> >
> > mails from SMTP commands executed from a telnet server 25 ?
> >
> > Even if the mails are sent from or to relayed domain !!
>
> What is the goal? If the goal is merely to distinguish between
> regular mailer software and someone sitting at a terminal using
> telnet(1) as a client, this is not possible. It is also silly
> to think you will gain anything from making that distinction.
>
> There was a recent thread on this list about this: January or
> December.
In case you were not on the list then, here is the reference:
>
> What is the goal? If the goal is merely to distinguish between
> regular mailer software and someone sitting at a terminal using
> telnet(1) as a client, this is not possible. It is also silly
> to think you will gain anything from making that distinction.
>
> There was a recent thread on this list about this: January or
> December.
Subject: Disable sending mails via telnet
From: Leslie León Sinclair <les...@electrica.cujae.edu.cu>
To: postfi...@postfix.org
Date: Tue, 10 Jan 2012 16:45:25 -0500
Message-Id: <1326231925.7884.33.camel@SID>
0 new messages