Security Basics mailing list archives

RE: Sender Spoofing via SMTP


From: "Craig Wright" <cwright () bdosyd com au>
Date: Sat, 5 Nov 2005 12:17:11 +1100


He stated "my mail to the internal mailbox", so this is not an open relay question but one of spoofing sender addresses
to a valid internal user.

        -----Original Message-----
        From: Tim Ballingall [mailto:tpb () mazda com au]
        Sent: Fri 4/11/2005 4:14 PM
        To: brandon.steili () gmail com; security-basics () securityfocus com
        Cc:
        Subject: RE: Sender Spoofing via SMTP

        Brandon,
        
        Assuming the domains you mention are not your domains, you then have
        what's known as an open relay, but I always thought this is meant to be
        disabled by default in Exch 2003 (not in older versions).
        
        Check this link out
        http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/b218d8a9-8d3a-4c7d-b0a9-c969ee1232f6.mspx
        
        Or, preferably, don't open your exchange server to the internet. Put a
        secured proxy in front, like mailmarshall, mailsweeper (there are many
        more), or even a locked down postfix box. You can even use a
        mailwashing service.
        
        Tim
        
        -----Original Message-----
        From: brandon.steili () gmail com [mailto:brandon.steili () gmail com]
        Sent: Friday, 4 November 2005 2:56 AM
        To: security-basics () securityfocus com
        Subject: Sender Spoofing via SMTP
        
        Hi List,
        
        I know this is a common issue that does not seem to be well addressed,
        but I was hoping you folks could give some suggestions. (preferably for
        Exchange 2003)
        
        If I telnet to a system on the internet and perform the following:
        
        telnet target 25
        EHLO (assuming Exchange)
        MAIL FROM: someone
        RCPT TO: someone_else () TargetDomain com
        DATA ....
        
        The server will happily forward my mail to the internal mailbox without
        validating anything. I did not have to authenticate, I did not even have
        to provide a real sender on the system, I could make one up. Again, I
        know this is a common issue, the question is how can I prevent this from
        happening?
        
        With the proliferation of social engineers / phishers, etc I would like
        to try and find a way to prevent this, not because it is a big problem
        but because it might become a big problem.
        
        Obviously user training can only go so far and our clients are not going
        to think twice if they receive an email that appears to be from a
        company exec...
        
        Thanks!
        
        


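One concrete form of the "locked down postfix box" suggested above, as an added example that is not code from any of the posters: a small Postfix SMTPD policy service (the name=value request format Postfix sends to check_policy_service) that refuses relaying for outside hosts and rejects an unauthenticated external connection whose envelope MAIL FROM claims an internal domain, which is exactly the telnet session Brandon describes. The domain, the trusted network range and the sample requests are constructed assumptions.

```python
"""Hypothetical Postfix SMTPD policy service that rejects envelope-sender spoofing.
Constructed example: Postfix would consult it via check_policy_service inet:127.0.0.1:10025
in smtpd_recipient_restrictions. Domains, networks and sample requests are assumptions."""
import ipaddress
import socketserver

INTERNAL_DOMAINS = {"targetdomain.com"}              # domains this edge host accepts mail for
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # the internal Exchange server and LAN

def parse_policy_request(raw: str) -> dict:
    """Parse one 'name=value' request; the request ends at the first empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()

def decide(attrs: dict) -> str:
    """Return the Postfix action for one RCPT-stage policy request."""
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"
    client = ipaddress.ip_address(attrs.get("client_address", "0.0.0.0"))
    inside = any(client in net for net in TRUSTED_NETS) or bool(attrs.get("sasl_username"))
    if inside:
        return "DUNNO"  # our own server or an authenticated user may send as anyone
    if domain_of(attrs.get("recipient", "")) not in INTERNAL_DOMAINS:
        return "REJECT Relay access denied"  # never relay for outside hosts
    if domain_of(attrs.get("sender", "")) in INTERNAL_DOMAINS:
        return "REJECT External host may not use an internal sender address"
    return "DUNNO"

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        raw = ""
        while line := self.rfile.readline().decode():  # EOF ends the session
            raw += line
            if line == "\n":  # blank line ends one request; Postfix may send several
                self.wfile.write(f"action={decide(parse_policy_request(raw))}\n\n".encode())
                self.wfile.flush()
                raw = ""

if __name__ == "__main__":
    socketserver.TCPServer(("127.0.0.1", 10025), PolicyHandler).serve_forever()
```

This only checks the envelope MAIL FROM that the telnet session sets; the header From: line users actually see needs a separate check at the gateway (for example Postfix header_checks, or sender-authentication records for the domain).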