Security Basics mailing list archives

RE: Sender Spoofing via SMTP


From: "Muhammad Naseer Bhatti" <naseer () digitallinx com>
Date: Fri, 4 Nov 2005 00:29:47 +0500


Look for something like MAIL RELAY in Exchange or AUTHENTICATE BEFORE
SENDING EMAIL. Also called POP before SMTP. This may solve your problem.
Your MX seems to be an open relay with this configuration, and anyone can
send email from and to any address.


Regards,


Muhammad
 

-----Original Message-----
From: brandon.steili () gmail com [mailto:brandon.steili () gmail com] 
Sent: Thursday, November 03, 2005 8:56 PM
To: security-basics () securityfocus com
Subject: Sender Spoofing via SMTP

Hi List,

I know this is a common issue that does not seem to be well addressed, but I
was hoping you folks could give some suggestions. (preferably for Exchange
2003)

If I telnet to a system on the internet and perform the following:

telnet target 25
EHLO (assuming Exchange)
MAIL FROM: someone
RCPT TO: someone_else () TargetDomain com
DATA .... 

The server will happily forward my mail to the internal mailbox without
validating anything. I did not have to authenticate, I did not even have to
provide a real sender on the system, I could make one up. Again, I know this
is a common issue, the question is how can I prevent this from happening? 

With the proliferation of social engineers / phishers, etc I would like to
try and find a way to prevent this, not because it is a big problem but
because it might become a big problem. 

Obviously user training can only go so far and our clients are not going to
think twice if they receive an email that appears to be from a company
exec...

Thanks!
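
The session in the original message, as an added example that is not part of the thread: a receiving server's decision at RCPT TO time, separating unauthenticated relaying to outside domains from unauthenticated mail that claims a sender in the server's own domain. The domain names, sample sessions and function names are assumptions made for illustration.

```python
import re
LOCAL_DOMAINS = {"targetdomain.example"}  # assumption: domains this server hosts

def domain_of(path):
    """Lower-cased domain of an SMTP path such as <user@host>, or '' if none."""
    m = re.search(r"@([A-Za-z0-9.-]+)", path)
    return m.group(1).lower() if m else ""

def parse_session(lines):
    """Collect auth state, envelope sender and recipients from client commands."""
    s = {"authenticated": False, "mail_from": "", "rcpt_to": []}
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            s["authenticated"] = True  # simplification: treat AUTH as successful
        elif verb == "MAIL" and arg.upper().startswith("FROM:"):
            s["mail_from"] = arg[5:].strip()
        elif verb == "RCPT" and arg.upper().startswith("TO:"):
            s["rcpt_to"].append(arg[3:].strip())
    return s

def decide(session, local_domains=LOCAL_DOMAINS):
    """Return a (recipient, verdict) pair for every RCPT TO in the session."""
    sender_local = domain_of(session["mail_from"]) in local_domains
    verdicts = []
    for rcpt in session["rcpt_to"]:
        rcpt_local = domain_of(rcpt) in local_domains
        if session["authenticated"]:
            verdict = "accept"
        elif not rcpt_local:
            verdict = "reject: relaying denied"  # open-relay case
        elif sender_local:
            verdict = "reject: local sender without authentication"
        else:
            verdict = "accept: inbound (sender unverified)"
        verdicts.append((rcpt, verdict))
    return verdicts

# Constructed sample sessions (client commands only).
SPOOFED_EXEC = ["EHLO client.example", "MAIL FROM:<exec@targetdomain.example>",
                "RCPT TO:<user@targetdomain.example>", "DATA"]
RELAY = ["EHLO client.example", "MAIL FROM:<a@other.example>",
         "RCPT TO:<b@elsewhere.example>"]
INBOUND = ["EHLO mx.partner.example", "MAIL FROM:<bob@partner.example>",
           "RCPT TO:<user@targetdomain.example>"]
if __name__ == "__main__":
    for name, sess in [("spoofed", SPOOFED_EXEC), ("relay", RELAY), ("inbound", INBOUND)]:
        print(name, decide(parse_session(sess)))
```

The check sees only the envelope sender; the From: header shown to the recipient travels inside DATA and needs a separate comparison. Rejecting unauthenticated local-domain senders also blocks outside services that legitimately send as the domain, so those need an explicit allowance.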

