NTMail 5.x Contains an Open Proxy

Reported May 12 by Simon Talbot

NTMail version 5.x


NTMail version 5.x (possibly other versions) contains a Web configuration interface and can also serve as a proxy for Web access. By default, the Web service listens on port 8000 while the proxy service listens on port 8080.

If NTMail is configured to turn off the proxy, the proxy stops listening on its default port. However, a user could point to the default Web port (8000) and gain open access to the Internet, because NTMail does not prohibit use of the proxy on the Web-based configuration port.

The software has no restrictions on which users can use the proxy, so any user with knowledge of the server could bypass any in-house proxy restrictions, such as monitoring software, content filters, and more.


NTMailUSA is aware of the problem; however, no fix has been released at the time of this writing. If you must restrict user access to Web sites via proxy, disable the Web configuration service in NTMail until the vendor resolves the issue.
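Where the configuration service has to stay enabled, requests arriving on port 8000 can be reviewed for proxy use. The following is an added example, not part of the original advisory or NTMail itself: it flags proxy-style requests (an absolute URL or CONNECT) seen on the configuration port. The log format, client addresses and host names are constructed assumptions, not NTMail's actual log layout.

```python
import re
from collections import Counter

CONFIG_PORT = 8000  # default Web configuration port named in the advisory

# Constructed sample in an assumed format: <client-ip> <listener-port> "<request line>"
SAMPLE_LOG = """\
10.0.0.21 8000 "GET /admin/index.html HTTP/1.0"
10.0.0.37 8000 "GET http://www.example.com/ HTTP/1.0"
10.0.0.37 8000 "CONNECT www.example.com:443 HTTP/1.0"
10.0.0.21 8000 "POST /admin/save HTTP/1.0"
10.0.0.44 8080 "GET http://www.example.org/news HTTP/1.0"
10.0.0.37 8000 "get HTTP://www.example.net/a HTTP/1.1"
garbage line that does not parse
"""

LINE_RE = re.compile(r'^(\S+) (\d+) "(\S+) (\S+) HTTP/\d\.\d"$')

def target_form(method, target):
    """Classify the HTTP request-target form of one request line."""
    if method.upper() == "CONNECT":
        return "authority"   # host:port, only meaningful to a proxy
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", target):
        return "absolute"    # full URL, i.e. a proxy-style request
    if target.startswith("/") or target == "*":
        return "origin"      # normal request for a resource on this server
    return "unknown"

def proxy_use_on_config_port(log_text, port=CONFIG_PORT):
    """Return {client_ip: count} of proxy-style requests seen on `port`."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue         # skip unparseable lines rather than guess
        client, lport, method, target = m.groups()
        if int(lport) == port and target_form(method, target) in ("absolute", "authority"):
            hits[client] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, n in sorted(proxy_use_on_config_port(SAMPLE_LOG).items()):
        print(f"{client}: {n} proxy-style request(s) on port {CONFIG_PORT}")
```

Requests to the dedicated proxy port (8080) are ignored on purpose; only proxy-form traffic on the configuration port indicates the bypass described above.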

Discovered and reported by Simon Talbot

