Re: [squid-users] Spam mail through Squid server

From: Christoph Haas <email@dont-contact.us>
Date: Wed, 26 Oct 2005 13:06:46 +0200

On Tuesday 25 October 2005 23:00, Covington, Chris wrote:
> I believe this sort of spamming uses the CONNECT method.

That's what I thought at first, too. Unfortunately it even works without
tunneling (CONNECT). The SMTP commands are sent like an HTTP request header.
Most of the commands (like GET...) are ignored by the mail server. But the
"MAIL FROM" and "RCPT TO" are evaluated. Pretty nifty. However, a mailserver
which checks for proper pipelining (whether the SMTP client sends the
commands one by one) will quickly kick the proxy out.

So he will also have to check whether HTTP requests to port 25 would be
allowed. But it appears like the OP is busier hunting a single attacker
than fixing the hole. :(

 Christoph

-- 
~
~
".signature" [Modified] 1 line --100%--                1,48         All
Received on Wed Oct 26 2005 - 05:06:27 MDT
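
Added example, not part of the original message or of Squid itself: a small audit of a Squid access.log that flags every request aimed at port 25, whether it used CONNECT or an ordinary HTTP method, and whether the proxy allowed it. It assumes Squid's native log format; the log lines are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

SMTP_PORT = 25  # the port named in the message above

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1130324806.123    512 203.0.113.7 TCP_MISS/200 1543 GET http://www.example.org/index.html - DIRECT/192.0.2.10 text/html
1130324807.456   3021 203.0.113.9 TCP_MISS/200 312 POST http://mail.example.net:25/ - DIRECT/192.0.2.25 -
1130324808.789   1200 203.0.113.9 TCP_MISS/200 0 CONNECT mail.example.net:25 - DIRECT/192.0.2.25 -
1130324809.001     90 203.0.113.8 TCP_MISS/200 4312 CONNECT secure.example.org:443 - DIRECT/192.0.2.44 -
1130324810.002      5 203.0.113.9 TCP_DENIED/403 1400 GET http://mail.example.net:25/ - NONE/- text/html
"""

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def target_port(method, url):
    """Destination port of a logged request, or None if it cannot be parsed."""
    if method == "CONNECT":            # logged as bare "host:port", no scheme
        port = url.rpartition(":")[2]
        return int(port) if port.isdecimal() else None
    try:
        parts = urlsplit(url)
        port = parts.port              # raises ValueError on an out-of-range port
    except ValueError:
        return None
    return port if port is not None else DEFAULT_PORTS.get(parts.scheme)

def find_smtp_requests(log_text, port=SMTP_PORT):
    """Return every logged request aimed at `port`, tunnelled or not."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:            # skip truncated or foreign lines
            continue
        client, result, method, url = fields[2], fields[3], fields[5], fields[6]
        if target_port(method, url) == port:
            hits.append({"client": client, "method": method, "url": url,
                         "allowed": not result.startswith("TCP_DENIED")})
    return hits

if __name__ == "__main__":
    for hit in find_smtp_requests(SAMPLE_LOG):
        state = "ALLOWED" if hit["allowed"] else "denied"
        print(f'{state:8} {hit["client"]:15} {hit["method"]:8} {hit["url"]}')
```

A hit reported as allowed with a method other than CONNECT is the case described above: restricting CONNECT alone did not close port 25, so the proxy's port ACLs need to deny it for all methods.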