Security Basics mailing list archives
RE: Sender Spoofing via SMTP
From: "Tim Ballingall" <tpb () mazda com au>
Date: Fri, 4 Nov 2005 16:14:59 +1100
Brandon,

Assuming the domains you mention are not your domains, you then have what's known as an open relay, but I always thought this is meant to be disabled by default in Exch 2003 (not in older versions).

Check this link out:
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/b218d8a9-8d3a-4c7d-b0a9-c969ee1232f6.mspx

Or, preferably, don't open your exchange server to the internet. Put a secured proxy in front, like mailmarshall, mailsweeper (there are many more), or even a locked down postfix box. You can even use a mailwashing service.

Tim

-----Original Message-----
From: brandon.steili () gmail com [mailto:brandon.steili () gmail com]
Sent: Friday, 4 November 2005 2:56 AM
To: security-basics () securityfocus com
Subject: Sender Spoofing via SMTP

Hi List,

I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some suggestions (preferably for Exchange 2003).

If I telnet to a system on the internet and perform the following:

telnet target 25
EHLO (assuming Exchange)
MAIL FROM: someone
RCPT TO: someone_else () TargetDomain com
DATA
....

The server will happily forward my mail to the internal mailbox without validating anything. I did not have to authenticate, I did not even have to provide a real sender on the system, I could make one up.

Again, I know this is a common issue, the question is how can I prevent this from happening? With the proliferation of social engineers / phishers, etc. I would like to try and find a way to prevent this, not because it is a big problem but because it might become a big problem. Obviously user training can only go so far and our clients are not going to think twice if they receive an email that appears to be from a company exec...

Thanks!
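An added example, not part of the original message or of any product mentioned in it: a sketch of the envelope checks a locked-down front-end relay applies, separating the open-relay case (recipient in a foreign domain) from the spoofed-sender case (an outside client claiming a local sender). The domain, trusted network, function names and sample sessions are assumptions constructed for illustration.

```python
import ipaddress

# Assumed for illustration: domains we accept mail for, networks we trust.
LOCAL_DOMAINS = {"targetdomain.example"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def domain_of(address):
    """Return the lowercased domain of an envelope address, or '' if none."""
    address = address.strip().strip("<>")
    return address.rpartition("@")[2].lower() if "@" in address else ""

def parse_envelope(session):
    """Extract MAIL FROM and RCPT TO values from client-side SMTP commands."""
    sender, rcpts = "", []
    for line in session.splitlines():
        verb, _, arg = line.strip().partition(":")
        if verb.upper() == "MAIL FROM":
            sender = arg.strip()
        elif verb.upper() == "RCPT TO":
            rcpts.append(arg.strip())
    return sender, rcpts

def gateway_verdict(client_ip, authenticated, session):
    """Decide what the front-end relay does with this envelope."""
    sender, rcpts = parse_envelope(session)
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return "accept"
    # Open-relay test: an untrusted client may only address local domains.
    if not rcpts or any(domain_of(r) not in LOCAL_DOMAINS for r in rcpts):
        return "reject: relay access denied"
    # Spoof test: outsiders may not claim one of our own domains as sender.
    if domain_of(sender) in LOCAL_DOMAINS:
        return "reject: local sender from untrusted client"
    # A bare name such as "someone" is refused; the null sender <> is allowed.
    if sender.strip("<>") and not domain_of(sender):
        return "reject: sender not fully qualified"
    return "accept"

# Constructed sample sessions (client commands only).
SPOOFED = ("EHLO x\nMAIL FROM: <ceo@targetdomain.example>\n"
           "RCPT TO: <staff@targetdomain.example>\nDATA")
RELAY = "EHLO x\nMAIL FROM: <a@other.example>\nRCPT TO: <b@third.example>\nDATA"
INBOUND = ("EHLO x\nMAIL FROM: <a@other.example>\n"
           "RCPT TO: <staff@targetdomain.example>\nDATA")

if __name__ == "__main__":
    for name, s in [("spoofed", SPOOFED), ("relay", RELAY), ("inbound", INBOUND)]:
        print(name, "->", gateway_verdict("203.0.113.7", False, s))
```

Refusing local-domain senders from outside also blocks legitimate third-party services that send as your domain, so such hosts would need to be added to the trusted networks or made to authenticate.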