Security Basics mailing list archives
Re: Re: mail server vulnerability
From: viveksilla () gmail com
Date: 10 Feb 2009 06:22:36 -0000
The core issue in this would be Open Relay not being disabled on the SMTP server. This can actually tested both manually as well as with the help of tools. The easiest way of testing this would be to telnet to TCP Port 25 (SMTP) on the mail server to be tested, and then use predefined commands like HELO, MAILFROM, MAILTO, DATA etc to send email from a fictitious account to a genuine account. The commands might slightly vary depending on the version of the SMTP server being used. The server is vulnerable if the mail is sent successfully. Specific tools built for this purpose could also be used for the same purpose. These tools might be capable of testing other aspects in addition to the Open Relay. Even general VA tools like Nessus, if configured properly may be used for such purposes. Pl. feel free to mail me for further information on the same. Regards Vivek a.k.a Vickyb@b@
Current thread:
- mail server vulnerability Abhishek Kumar (Feb 09)
- Re: mail server vulnerability p3dRø (Feb 09)
- RE: mail server vulnerability Nick Vaernhoej (Feb 09)
- Re: mail server vulnerability Eitan Adler (Feb 10)
- <Possible follow-ups>
- Re: Re: mail server vulnerability viveksilla (Feb 10)
- Re: Re: mail server vulnerability ryancol (Feb 10)
- Re: mail server vulnerability Ansgar Wiechers (Feb 10)
- Re: Re: mail server vulnerability praveen_recker (Feb 20)
- Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: Re: mail server vulnerability greimer (Feb 20)
- Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: mail server vulnerability Patrick J Kobly (Feb 20)
- Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
- Re: Re: mail server vulnerability Balakrishnan B (Feb 20)