Odds of a successful breach via Telnet into Port 25?
Hi all. This is something I've been trying to tackle for some time. It seems that despite all the wonderful security advancements in the Unix OS, and most of the major MTAs, a critical and friendly backdoor still remains open. It would appear that anyone with nothing more than an ancient Telnet client can casually wander into your mail server, and happily issue as many arbitrary commands as they please. A simple script can do the same thing.
From everything I've read, there's no real way to stop this, as MTAs communicate in clear text. Some of the stuff I've seen in my mail logs lately is downright scary, and again, short of closing down port 25, all I can do is sit back and watch? Forget about blocking the offending IP through iptables, as they rapid fire through multiple proxies.
My real question is this:
Providing you're using a current version of Sendmail, Postfix, or whatever, and providing it's configured properly to deny relaying, what are the actual odds of one of these no-lifes successfully hijacking your mail server? Are these rogue attempts something most of you observe frequently when observing your mail logs? Is it something most of you really worry about? Has ANYONE yet discovered an iptables recipe that kills off requests made from anything but another mail server? Probably not, but I thought I'd ask.

Thanks,
Dave H
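
One way to quantify the rejected relay attempts the post describes seeing in mail logs, as an added example that is not part of the original post. It assumes Postfix smtpd syslog lines; the sample log is constructed, and the function names `relay_attempts` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd syslog format (not from the original post).
SAMPLE_LOG = """\
Mar  3 02:11:07 mx1 postfix/smtpd[4121]: connect from unknown[203.0.113.5]
Mar  3 02:11:08 mx1 postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<a@example.org> to=<victim@example.net> proto=SMTP helo=<test>
Mar  3 02:11:09 mx1 postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <other@example.net>: Relay access denied; from=<a@example.org> to=<other@example.net> proto=SMTP helo=<test>
Mar  3 02:14:40 mx1 postfix/smtpd[4130]: NOQUEUE: reject: RCPT from host.example.com[198.51.100.23]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<b@example.org> to=<victim@example.net> proto=ESMTP helo=<host.example.com>
Mar  3 02:15:02 mx1 postfix/smtpd[4133]: 3F2A61C0: client=mail.example.org[192.0.2.10]
Mar  3 02:15:03 mx1 postfix/smtpd[4133]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.77]; from=<c@example.org> to=<local@example.com> proto=SMTP helo=<x>
"""

# Matches a pre-queue RCPT rejection and captures client, status code, reason and envelope.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) \S+ "
    r"(?P<detail>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def relay_attempts(log_text):
    """Return (denied relay attempts per client IP, set of targeted recipients)."""
    per_ip, rcpts = Counter(), set()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        # Only count relay denials; other rejections (e.g. hostname checks) are ignored.
        if m and "Relay access denied" in m.group("detail"):
            per_ip[m.group("ip")] += 1
            rcpts.add(m.group("rcpt"))
    return per_ip, rcpts

def summarize(log_text, threshold=2):
    """Summarize denied relay attempts; 'threshold' marks repeat sources."""
    per_ip, rcpts = relay_attempts(log_text)
    return {
        "total": sum(per_ip.values()),
        "sources": len(per_ip),
        "repeat_offenders": sorted(ip for ip, n in per_ip.items() if n >= threshold),
        "recipients": sorted(rcpts),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Every line counted here is an attempt the server refused, so the tally measures background noise rather than compromise; a relay attempt that produced a queue ID instead of `NOQUEUE: reject` would be the line worth investigating.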