Security Basics mailing list archives

RE: Sender Spoofing via SMTP


From: "Tim Ballingall" <tpb () mazda com au>
Date: Fri, 4 Nov 2005 16:14:59 +1100

Brandon,

Assuming the domains you mention are not your domains, you then have
what's known as an open relay, but I always thought this is meant to be
disabled by default in Exch 2003 (not in older versions).

Check this link out:
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/b218d8a9-8d3a-4c7d-b0a9-c969ee1232f6.mspx

Or, preferably, don't open your exchange server to the internet. Put a
secured proxy in front, like mailmarshall, mailsweeper (there are many
more), or even a locked down postfix box. You can even use a
mailwashing service.

Tim

-----Original Message-----
From: brandon.steili () gmail com [mailto:brandon.steili () gmail com] 
Sent: Friday, 4 November 2005 2:56 AM
To: security-basics () securityfocus com
Subject: Sender Spoofing via SMTP

Hi List,

I know this is a common issue that does not seem to be well addressed,
but I was hoping you folks could give some suggestions. (preferably for
Exchange 2003)

If I telnet to a system on the internet and perform the following:

telnet target 25
EHLO (assuming Exchange)
MAIL FROM: someone
RCPT TO: someone_else () TargetDomain com
DATA .... 

The server will happily forward my mail to the internal mailbox without
validating anything. I did not have to authenticate, I did not even have
to provide a real sender on the system, I could make one up. Again, I
know this is a common issue, the question is how can I prevent this from
happening? 

With the proliferation of social engineers / phishers, etc I would like
to try and find a way to prevent this, not because it is a big problem
but because it might become a big problem. 

Obviously user training can only go so far and our clients are not going
to think twice if they receive an email that appears to be from a
company exec...

Thanks!


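Tim's "locked down postfix box" in front of Exchange boils down to two envelope-level rules enforced at RCPT TO time: outsiders may only deliver to domains the server hosts (no relay), and outsiders may not claim a sender address in those domains. The code below is an added illustration of those rules, not code from the thread and not Postfix's own implementation; the domain targetdomain.example, the trusted network 10.0.0.0/8 and the client addresses are assumed values, and run_transcript replays the MAIL FROM / RCPT TO steps of the telnet session Brandon describes.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Envelope:
    client_ip: str       # peer address of the SMTP client
    authenticated: bool  # True only after a successful SMTP AUTH
    mail_from: str       # argument of MAIL FROM:
    rcpt_to: str         # argument of RCPT TO:

def envelope_domain(addr: str) -> str:
    """Domain part of an envelope address; '' for a bare name or the null sender <>."""
    addr = addr.strip().strip("<>").lower()
    return addr.rpartition("@")[2] if "@" in addr else ""

class RelayPolicy:
    """Checks a locked-down front-end MTA applies before accepting a recipient (assumed design)."""

    def __init__(self, local_domains, trusted_networks):
        self.local_domains = {d.lower() for d in local_domains}
        self.trusted_networks = [ipaddress.ip_network(n) for n in trusted_networks]

    def is_inside(self, env: Envelope) -> bool:
        # Authenticated sessions and clients on the LAN count as our own users.
        ip = ipaddress.ip_address(env.client_ip)
        return env.authenticated or any(ip in net for net in self.trusted_networks)

    def decide(self, env: Envelope) -> str:
        """Reply to give at RCPT TO, once both envelope addresses are known."""
        if self.is_inside(env):
            return "250 2.1.5 OK"
        # Outsiders may only deliver to domains this server hosts (no open relay).
        if envelope_domain(env.rcpt_to) not in self.local_domains:
            return "554 5.7.1 Relay access denied"
        # Outsiders may not claim one of our own addresses as sender. Legitimate
        # external sources that do (a hosted list, a partner) need an explicit exception.
        if envelope_domain(env.mail_from) in self.local_domains:
            return "553 5.7.1 Sender address rejected: not from a trusted network"
        return "250 2.1.5 OK"

def run_transcript(policy: RelayPolicy, client_ip: str, authenticated: bool, lines):
    """Replay the MAIL FROM / RCPT TO lines of a session like the one in the thread."""
    replies, mail_from = [], ""
    for line in lines:
        verb, _, arg = line.partition(":")
        if verb.strip().upper() == "MAIL FROM":
            mail_from = arg
            replies.append("250 2.1.0 OK")
        elif verb.strip().upper() == "RCPT TO":
            replies.append(policy.decide(Envelope(client_ip, authenticated, mail_from, arg)))
    return replies
```

The null sender `<>` and ordinary inbound mail from other domains still pass, so bounces and normal correspondence are unaffected; only the spoofed-internal-sender and relay cases are refused.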

