Security Basics mailing list archives
RE: Sender Spoofing via SMTP
From: "Muhammad Naseer Bhatti" <naseer () digitallinx com>
Date: Fri, 4 Nov 2005 00:29:47 +0500
Look for something like MAIL RELAY in exchange or AUTHENTICATE BEFORE SENDING EMAIL. Also called POP before SMTP. This may solve your problem. Your MX seems to be an open relay with this configuration, and anyone can send email from and to any address. Regards, Muhammad -----Original Message----- From: brandon.steili () gmail com [mailto:brandon.steili () gmail com] Sent: Thursday, November 03, 2005 8:56 PM To: security-basics () securityfocus com Subject: Sender Spoofing via SMTP Hi List, I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some suggestions. (preferably for Exchange 2003) If I telnet to a system on the internet and perform the following: telnet target 25 EHLO (assuming Exchange) MAIL FROM: someone RCPT TO: someone_else () TargetDomain com DATA .... The server will happily forward my mail to the internal mailbox without validating anything. I did not have to authenticate, I did not even have to provide a real sender on the system, I could make one up. Again, I know this is a common issue, the question is how can I prevent this from happening? With the proliferation of social engineers / phishers, etc I would like to try and find a way to prevent this, not because it is a big problem but because it might become a big problem. Obviously user training can only go so far and our clients are not going to think twice if they recieve an email that appears to be from a company exec... Thanks!
Current thread:
- Sender Spoofing via SMTP brandon . steili (Nov 03)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)
- Re: Sender Spoofing via SMTP Thierry Zoller (Nov 07)
- Re: Sender Spoofing via SMTP Ansgar -59cobalt- Wiechers (Nov 07)
- Re: Sender Spoofing via SMTP dallas jordan (Nov 04)
- Re: Sender Spoofing via SMTP FocusHacks (Nov 04)
- RE: Sender Spoofing via SMTP Muhammad Naseer Bhatti (Nov 04)
- Re: Sender Spoofing via SMTP Gaddis, Jeremy L. (Nov 04)
- Re: Sender Spoofing via SMTP Florian Streck (Nov 04)
- Re: Sender Spoofing via SMTP Barrie Dempster (Nov 04)
- Re: Sender Spoofing via SMTP Yousef Syed (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- <Possible follow-ups>
- Re: Sender Spoofing via SMTP jlopez2k5 (Nov 04)
- Re: Sender Spoofing via SMTP jalbuquerque (Nov 04)
- RE: Sender Spoofing via SMTP Tim Ballingall (Nov 04)
- RE: Sender Spoofing via SMTP Craig Wright (Nov 04)
(Thread continues...)
- RE: Sender Spoofing via SMTP Andrew Chong (Nov 04)