Security Basics mailing list archives

Re: Re: mail server vulnerability

From: viveksilla () gmail com
Date: 10 Feb 2009 06:22:36 -0000

The core issue in this would be Open Relay not being disabled on the SMTP server.
This can actually tested both manually as well as with the help of tools.
The easiest way of testing this would be to telnet to TCP Port 25 (SMTP) on the mail server to be tested, and then use 
predefined commands like HELO, MAILFROM, MAILTO, DATA etc to send email from a fictitious account to a genuine account. 
The commands might slightly vary depending on the version of the SMTP server being used. The server is vulnerable if 
the mail is sent successfully.

Specific tools built for this purpose could also be used for the same purpose. These tools might be capable of testing 
other aspects in addition to the Open Relay.

Even general VA tools like Nessus, if configured properly may be used for such purposes.

Pl. feel free to mail me for further information on the same.

Regards
Vivek a.k.a Vickyb@b@

Current thread:

mail server vulnerability Abhishek Kumar (Feb 09)
- Re: mail server vulnerability p3dRø (Feb 09)
- RE: mail server vulnerability Nick Vaernhoej (Feb 09)
- Re: mail server vulnerability Eitan Adler (Feb 10)
- <Possible follow-ups>
- Re: Re: mail server vulnerability viveksilla (Feb 10)
- Re: Re: mail server vulnerability ryancol (Feb 10)
  - Re: mail server vulnerability Ansgar Wiechers (Feb 10)
- Re: Re: mail server vulnerability praveen_recker (Feb 20)
  - Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
    - Re: Re: mail server vulnerability greimer (Feb 20)
    - Re: Re: mail server vulnerability Atilla Remote Support (Feb 20)
    - Re: mail server vulnerability Patrick J Kobly (Feb 20)
    - Re: mail server vulnerability Atilla Remote Support (Feb 20)
  - Re: Re: mail server vulnerability Jared Curtis (Feb 20)
    - Re: Re: mail server vulnerability Balakrishnan B (Feb 20)

(Thread continues...)