Security Basics mailing list archives
Re: Sender Spoofing via SMTP
From: Luis Fernandez <lafernandez () matchmind es>
Date: Mon, 07 Nov 2005 09:36:07 +0100
Perhaps you should consider products like SpamAssassin, or better even, appliances like Barracuda or Ironport. Good luck.

brandon.steili () gmail com wrote:
Everyone,

Thanks for your replies thus far, but they have helped add a few more thoughts. By the way, I'm also looking for any thoughts on how to restrict this from happening internally as well. Using the above example, I can connect to a local Exchange server and initiate the same spoofing technique to another local user -- for example I can connect to the server via Telnet to 25 and send my cubemate an email from santa@mydomain and tell him that the north pole has been having connectivity issues... It's junk like this I am trying to prevent internal and external people from doing straight from a telnet session.

Quote (Andrew Chong) - Currently, two common technologies are SMIME and PGP to digitally sign/encrypt emails.

Response - This would help validate the sender to the end user, which is a good start (and easy to teach to users). Not really the overall solution but definitely getting there. Thanks!

Quote (Craig Wright) - Internal mail will not generally pass through SMTP

Response - Great point, but in this scenario I am connecting to port 25 and initiating the message directly via SMTP on the server. I think regardless of what happens to the message once it hits the queue and gets moved around by the Information Store or another MTA the fatal problem is that I was able to connect and send the message?

Quote (Dallas Jordan & Corey LeBleu) (sort of combining these two) - I believe you should set your email server to only relay email coming from your domain. That would prevent people from the internet connecting to the server and sending emails randomly. Unauthenticating Mail Relay

Response - However if I set up the server so it requires authentication for communication, would this not break the ability for other domains to send email to my users?
I have validated that I cannot spoof outbound emails from the internet-based connection, so I'm not a completely open relay, but open enough that external connections can spoof an internal email sender and get that mail delivered to a recipient.

Sorry for hitting this so hard, but I have done a bunch of searching on the net, read way too much TechNet and although I find bits and pieces, nothing really addresses the ability to spoof a sender or prevent this type of relaying without breaking everything else.

Thanks again for the responses!
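
Added example, not part of the original thread and not any mail server's own code: a sketch of the envelope policy the messages above circle around. It separates "may this session claim a local sender?" from "may this session relay?", so that inbound mail from other domains still needs no login. The domain, the addresses and the function names are assumptions made up for illustration.

```python
# Added example: envelope-level policy for an SMTP listener on port 25.
# LOCAL_DOMAINS and every address used here are constructed sample values.
LOCAL_DOMAINS = {"mydomain.example"}

ACCEPT = "accept"
REJECT_UNAUTH_LOCAL = "reject: local sender on unauthenticated session"
REJECT_MISMATCH = "reject: sender differs from authenticated user"
REJECT_RELAY = "reject: relay denied"


def domain_of(address):
    """Return the lower-cased domain of an envelope address ('' if none)."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def smtp_policy(auth_user, mail_from, rcpt_to):
    """Decide on one MAIL FROM / RCPT TO pair.

    auth_user is the address proven by SMTP AUTH, or None when the session
    is unauthenticated (a hand-typed Telnet session to port 25 is one).
    Only the envelope is checked; the From: header inside the message is a
    separate field that this function never sees.
    """
    if auth_user is not None:
        # Logged-in users may send anywhere, but only as themselves.
        if auth_user.lower() != mail_from.lower():
            return REJECT_MISMATCH
        return ACCEPT
    if domain_of(mail_from) in LOCAL_DOMAINS:
        # Applies equally to internet hosts and to hosts on the LAN.
        return REJECT_UNAUTH_LOCAL
    if domain_of(rcpt_to) not in LOCAL_DOMAINS:
        return REJECT_RELAY
    # Foreign sender, local recipient: ordinary inbound mail, no login needed.
    return ACCEPT


if __name__ == "__main__":
    cases = [
        (None, "santa@mydomain.example", "cubemate@mydomain.example"),
        (None, "alice@other.example", "cubemate@mydomain.example"),
        (None, "alice@other.example", "bob@third.example"),
        ("brandon@mydomain.example", "santa@mydomain.example", "cubemate@mydomain.example"),
        ("brandon@mydomain.example", "brandon@mydomain.example", "bob@third.example"),
    ]
    for case in cases:
        print(case, "->", smtp_policy(*case))
```

Other internal systems that legitimately submit mail under a local address without logging in would need their own explicit allowance, which this sketch leaves out.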