Welcome to ServerForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Telnet & SMTP

  
   Windows Server (Home) -> Windows Server Security RSS
Next:  The system administrator has set policies to prev..  
Author Message
Tim

External


Since: Jul 23, 2006
Posts: 3



(Msg. 1) Posted: Sun Jul 23, 2006 7:01 pm
Post subject: Telnet & SMTP
Archived from groups: microsoft>public>windows>server>security (more info?)
A recent Nessus scan reported that one of my servers has reported two
security holes:

1. Telnet is running and is vulernable to buffer overflows.

2. Port 80 is open and can be killed by sending a request with an too long
Basic authentication field.

Is the Telnet service required for SMTP to properly function?

Thank you.

 >> Stay informed about: Telnet & SMTP 
Back to top
Login to vote
Roger Abell [MVP]

External


Since: May 04, 2004
Posts: 559



(Msg. 2) Posted: Sun Jul 23, 2006 7:01 pm
Post subject: Re: Telnet & SMTP [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
There is nothing about Windows that requires telnet, including SMTP.
If your port 80 is serviced by IIS and the machine is up to date on
service pack / security patches then what is reported by Nessus is
not accurate.

"Tim" <tim.TakeThisOut@NOSPAMvisualmalls.com> wrote in message
news:RMedna1GoPMmkFnZnZ2dnUVZ_sCdnZ2d@comcast.com...
>A recent Nessus scan reported that one of my servers has reported two
>security holes:
>
> 1. Telnet is running and is vulernable to buffer overflows.
>
> 2. Port 80 is open and can be killed by sending a request with an too long
> Basic authentication field.
>
> Is the Telnet service required for SMTP to properly function?
>
> Thank you.
>

 >> Stay informed about: Telnet & SMTP 
Back to top
Login to vote
Tim

External


Since: Jul 23, 2006
Posts: 3



(Msg. 3) Posted: Sun Jul 23, 2006 10:45 pm
Post subject: Re: Telnet & SMTP [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
If I turn off the Telnet service, will that take care of the issue where the
banner discloses the ESMTP version?

"Roger Abell [MVP]" <mvpNoSpam.DeleteThis@asu.edu> wrote in message
news:OEsP98rrGHA.4252@TK2MSFTNGP02.phx.gbl...
> There is nothing about Windows that requires telnet, including SMTP.
> If your port 80 is serviced by IIS and the machine is up to date on
> service pack / security patches then what is reported by Nessus is
> not accurate.
>
> "Tim" <tim.DeleteThis@NOSPAMvisualmalls.com> wrote in message
> news:RMedna1GoPMmkFnZnZ2dnUVZ_sCdnZ2d@comcast.com...
>>A recent Nessus scan reported that one of my servers has reported two
>>security holes:
>>
>> 1. Telnet is running and is vulernable to buffer overflows.
>>
>> 2. Port 80 is open and can be killed by sending a request with an too
>> long Basic authentication field.
>>
>> Is the Telnet service required for SMTP to properly function?
>>
>> Thank you.
>>
>
>
 >> Stay informed about: Telnet & SMTP 
Back to top
Login to vote
Tim

External


Since: Jul 23, 2006
Posts: 3



(Msg. 4) Posted: Mon Jul 24, 2006 5:10 pm
Post subject: Re: Telnet & SMTP [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> You didn't tell us what you're using for SMTP services [what version of
> Exchange, Windows, etc]. Here's how to modify the SMTP banner for
> Exchange 2000 and 2003:

This server is dedicated to Exchange hosting and does need require OWA.

Thanks to all for the great guidence!
 >> Stay informed about: Telnet & SMTP 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
SMTP Greeting message - Is it possible to change the Welcome Message of a SMTP Virtual Server by using telnet to port 25. ? Thanks Tom

IIS SMTP Gateway - Hi, is there a way to check the Sender SMTP Address under IIS 6.0 ? Thanks for help. Best Regards Tom

Certification Authority: Need to change FROM field on SMTP.. - Hello, I use the Certification Authority of Windows 2003. I would like to get e-mail notification upon certificate request put in pending state. I did the configuration as described in help but the FROM field in the SMTP request (captured by some..

Telnet - I cannot figure out what rights to give to a user for them to access the telent server on Windows 2003 server. The only rights that I can get to work are administrator, but I do not want to make a user part of the administrator group to access the..

telnet server auth without password, how ? - hi all, how can i setup/configure a telnet server service that doesnt ask for a password ? i just want to login using my username but without supplying a password. please dont ask WHY i whant to this, i know this will cause a security problem in..
   Windows Server (Home) -> Windows Server Security All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]