If you break the RFC you get less email

Over the last few days I've been busy investigating various email problems. I would like to share one of the nicer ones with you.

When you open an SMTP session the server answers with a 220 greeting. That greeting can be a single line, like:

220 Welcome at our mailserver

Or several lines, like:

220-Welcome at our mailserver, we very much like to keep spam out of the door and
220 one line is really not enough to put all our crap about policies in

The only thing that really matters is the framing: every line starts with the same code (220), every line except the last is 220-<text> (hyphen), and the last line (and only the last line) starts with 220<space>. That is the multi-line reply format of RFC 5321 section 4.2.1 (and RFC 821 before it); a client reads lines until it sees the one with the space.

Now enter the age of cisco-security-by-obscurity-censoring-devices:

Some Cisco appliances (the SMTP inspection feature on the PIX/ASA firewalls) like to 'protect' your mailserver by replacing every word in the protocol conversation that is not on their allowed list with asterisks.

So you get something like this:

220 *******************************

Or, for a multi-line greeting:

220-**********************************************************************************
220 **************************************************************

No big deal: as long as the result is still protocol compliant, the SMTP session will work.

Back to the Real World.

A real session to mx2.xs4all.nl looks like:

220-mxdrop226.xs4all.nl ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 14:50:34 +0200 (CEST) NO UBE
220-This SMTP server is operated by XS4ALL Internet BV,
220-   Diemen, The Netherlands. XS4ALL Internet BV prohibits
220-   the use of this or any other XS4ALL systems or services
220-   for the transmission of Unsolicited Bulk E-mail (UBE).
220-  Questions about delivery-problems should be directed to
220    the appropriate RFC 2142 mailbox addresses.

The Cisco censoring device changes it to:

220-***********************************************************************************************
*******************************************************
************************************************************
**************************************************************
*************************************************************
*************************************************************
**************************************************

You can guess where it goes wrong: only the first line keeps its 220- prefix, the six continuation lines have lost their reply code entirely, and there is no terminating 220<space> line at all. A strict client either rejects the reply as malformed or keeps waiting for a final 220 line that never comes, so the session dies before HELO is ever sent.
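To make the framing rules above concrete, here is a small checker that parses an SMTP reply the way a client does, reports every framing violation, and also shows how a proxy could mask the banner text without breaking the protocol. This is an added example, not code from the original post or from any Cisco product; the "good" input is the xs4all greeting quoted above, and the "broken" input is a constructed copy of the asterisk-only output shown above. The function names parse_reply and censor_reply are my own.

```python
"""Check SMTP multi-line reply framing (RFC 5321 section 4.2.1) and show
how a banner can be masked without breaking it.  Added example, not code
from the original post; the sample greetings are the post's xs4all banner
and a constructed copy of the asterisk-only output."""

import re

# Every line of a reply starts with the same three-digit code, followed by
# "-" on all lines except the last and by " " on the last line only.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_reply(raw):
    """Parse one SMTP reply (one or more lines).

    Returns (code, texts, problems).  `problems` is empty for a well-formed
    reply; otherwise it lists each framing violation a strict client would
    trip over, in order of appearance.
    """
    lines = raw.splitlines()
    code = None
    texts = []
    problems = []
    terminated = False
    for num, line in enumerate(lines, start=1):
        m = _REPLY_LINE.match(line)
        if not m:
            problems.append(f"line {num}: does not start with a reply code")
            continue
        this_code, sep, text = m.groups()
        if code is None:
            code = this_code
        elif this_code != code:
            problems.append(f"line {num}: code {this_code} differs from {code}")
        if sep == " " and num != len(lines):
            problems.append(f"line {num}: '{this_code} ' ends the reply before the last line")
        if sep == " ":
            terminated = True
        texts.append(text)
    if not lines:
        problems.append("empty reply")
    elif not terminated:
        problems.append("reply never terminated with a '<code> ' line")
    return code, texts, problems


def censor_reply(raw):
    """Mask banner text the way a protocol-aware proxy should: replace only
    the text part of each line and keep the code and separator intact."""
    out = []
    for line in raw.splitlines():
        m = _REPLY_LINE.match(line)
        if m:
            code, sep, text = m.groups()
            line = f"{code}{sep}{'*' * len(text)}"
        out.append(line)
    return "\n".join(out)


# The xs4all greeting quoted in the post.
GOOD_GREETING = """\
220-mxdrop226.xs4all.nl ESMTP Sendmail 8.13.8/8.13.8; Wed, 31 Mar 2010 14:50:34 +0200 (CEST) NO UBE
220-This SMTP server is operated by XS4ALL Internet BV,
220-   Diemen, The Netherlands. XS4ALL Internet BV prohibits
220-   the use of this or any other XS4ALL systems or services
220-   for the transmission of Unsolicited Bulk E-mail (UBE).
220-  Questions about delivery-problems should be directed to
220    the appropriate RFC 2142 mailbox addresses."""

# Constructed to match the asterisk-only output shown in the post: only the
# first line keeps its "220-" prefix, the remaining lines have no code at all.
BROKEN_GREETING = "220-" + "*" * 94 + "\n" + "\n".join("*" * 55 for _ in range(6))

if __name__ == "__main__":
    for name, greeting in [("real banner", GOOD_GREETING),
                           ("censored by the appliance", BROKEN_GREETING),
                           ("censored properly", censor_reply(GOOD_GREETING))]:
        code, texts, problems = parse_reply(greeting)
        verdict = "OK" if not problems else f"{len(problems)} problem(s)"
        print(f"{name}: code={code} lines={len(texts)} -> {verdict}")
        for p in problems:
            print("   ", p)
```

Run it and the real banner parses clean, the appliance's version reports one problem per code-less line plus a missing terminator, and the properly masked version parses clean again: the asterisks were never the issue, the stripped 220- prefixes were.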

To recap: if you can't configure mailservers properly, you can't secure them by obfuscating the protocol content either. A box that rewrites a protocol it doesn't fully parse doesn't add security, it just breaks delivery.

NB: The xs4all mailserver was only used as an example of how it can go wrong; xs4all does not implement this technique. They are too clever for this kind of stupid shit.
