SecurityFocus

Securing Insecure SMTP Oct 05 2008 09:20PM
Ahmed Zaki (ahmedmzaki gmail com) (6 replies)

Re: Securing Insecure SMTP Oct 06 2008 04:32PM
Robin Wood (dninja gmail com)

RE: Securing Insecure SMTP Oct 06 2008 11:46AM
Shenk, Jerry A (jshenk decommunications com)

It sounds like you also need to take a non-ssl program and enable it to
connect to an ssl server. I have used sslproxy -
http://www.obdev.at/products/ssl-proxy/index.html. With that, you can
do something like "sslproxy -l 1234 -R [remote server] -r 25 -p ssl23"
where 1234 is that port that will be listening on your box and [remote
server] is the smtp server that is listening with ssl. If that smtp
server is listening on some port other than 25, obviously use that.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Ahmed Zaki
Sent: Sunday, October 05, 2008 5:20 PM
To: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Securing Insecure SMTP

Hi all

I am presented with a client software that attempts to
connect to an smtp on port 25 . The good part is the smtp server does
not
accept connections on port 25 instead it uses the SSL smtp port. What I
probably need is to proxy the outgoing connections to port 25 so that
they
go to the other port . Any recommendations on how to achieve that ?

Regards

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

[ reply ]

Re: Securing Insecure SMTP Oct 06 2008 07:04AM
Ahmad Taha (ahmad taha usa net)

Re: Securing Insecure SMTP Oct 06 2008 06:50AM
Zed Qyves (zqyves spamtrap gmail com)

Re: Securing Insecure SMTP Oct 06 2008 06:06AM
Danny Fullerton (dfullerton mantor org)

Re: Securing Insecure SMTP Oct 06 2008 01:24AM
Robert Marquardt (email robert-marquardt com) (2 replies)

RE: Securing Insecure SMTP Oct 06 2008 03:03PM
Iacob, George M (Iacob George corp sysco ca)

Re: Securing Insecure SMTP Oct 06 2008 08:42AM
David Howe (DaveHowe Pentest googlemail com)