Penetration Testing mailing list archives
RE: Securing Insecure SMTP
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Mon, 6 Oct 2008 07:46:49 -0400
It sounds like you also need to take a non-ssl program and enable it to connect to an ssl server. I have used sslproxy - http://www.obdev.at/products/ssl-proxy/index.html. With that, you can do something like "sslproxy -l 1234 -R [remote server] -r 25 -p ssl23" where 1234 is that port that will be listening on your box and [remote server] is the smtp server that is listening with ssl. If that smtp server is listening on some port other than 25, obviously use that. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ahmed Zaki Sent: Sunday, October 05, 2008 5:20 PM To: pen-test () securityfocus com Subject: Securing Insecure SMTP Hi all I am presented with a client software that attempts to connect to an smtp on port 25 . The good part is the smtp server does not accept connections on port 25 instead it uses the SSL smtp port. What I probably need is to proxy the outgoing connections to port 25 so that they go to the other port . Any recommendations on how to achieve that ? Regards ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Securing Insecure SMTP Ahmed Zaki (Oct 05)
- Re: Securing Insecure SMTP Robert Marquardt (Oct 05)
- RE: Securing Insecure SMTP Iacob, George M (Oct 06)
- Re: Securing Insecure SMTP David Howe (Oct 06)
- Re: Securing Insecure SMTP Danny Fullerton (Oct 06)
- Re: Securing Insecure SMTP Robin Wood (Oct 06)
- RE: Securing Insecure SMTP Shenk, Jerry A (Oct 06)
- Re: Securing Insecure SMTP Ahmad Taha (Oct 06)
- Re: Securing Insecure SMTP Zed Qyves (Oct 06)
- Re: Securing Insecure SMTP Robert Marquardt (Oct 05)