Security Basics mailing list archives
Re: [LIST][SECURITYBASICS] Sender Spoofing via SMTP
From: Tomasz Nidecki <tonid () hakin9 org>
Date: Thu, 17 Nov 2005 12:40:45 +0100
I've re-read your message, Devdas, and finally understood you had something different in mind with your clues. So here are some more comments.

Friday, November 11, 2005, 3:21:20 PM, Devdas Bhagat wrote:

2. For an UNAUTHENTICATED user:
2.1. Check the domain in MAIL FROM against a list of your local domains
2.2. DENY the mail if it matches, since there should be no such case where an unauthenticated user is sending mail with your MAIL FROM.
Clue: .forward
The cases when it would disturb pre-delivery forwarding would be severely limited and in such cases forwarding is usually not used.

Hint: If an unauthenticated user [i.e. another server] is sending mail to you with your domain's MAIL FROM, that would mean that one of your users has a forwarding address on another machine, and the mail is to be received by your user. E.g.: joe () yourserver com has a forwarding address joe () forward com and alice () yourserver com wants to write e-mail to Joe. Why would Alice use the forwarding address, if the domains are in the same company? [I'm proposing this solution on company servers, NOT ISPs or private servers, for the purpose of brand protection].

Hence, there would be a problem if alice () yourserver com would write to joe () forward com and the forward.com mailserver sent mail from alice () yourserver com to joe () yourserver com. But, as I said, in the company environment this should not happen, and if it happens, it only affects the company's local users.
2.3. Additionally, if possible, also check the domain in From: header in the DATA section, before queueing it, and do the same as above.
Clue: Mailing lists.
True. This would make mail sent to external mailing lists from company employees undeliverable to other company employees. But then again, this proposal is for brand protection for companies. It's up to the management whether they are willing to adopt such a strategy which only limits the local company users, no one else.

--
Tomasz Nidecki, Sekr. Redakcji / Managing Editor
hakin9 magazine http://www.hakin9.org
mailto:tonid () hakin9 org jid:tonid () tonid net
Do you know what "hacker" means? http://www.catb.org/~esr/faqs/hacker-howto.html
Czy wiesz, co znaczy slowo "haker"? http://www.jtz.org.pl/Inne/hacker-howto-pl.html
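The check discussed in this message (steps 2.1 to 2.3), as an added example that is not part of the original post or of any particular mail server: a policy function run over constructed sessions, including the two "clue" cases (.forward and mailing lists) that the rule rejects even though the mail is legitimate. The domain names, the `check_sender` function and the 550/250 reply codes chosen here are assumptions for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAINS = {"yourserver.com"}  # assumption: the company's own domains

def domain_of(address):
    """Lower-cased domain part of an address; '' for the null sender <>."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(authenticated, mail_from, data, local=LOCAL_DOMAINS):
    """Return (SMTP code, reason) for one message, following steps 2.1-2.3."""
    if authenticated:
        return 250, "authenticated session, rule 2 does not apply"
    if domain_of(mail_from) in local:  # 2.1 and 2.2: envelope sender
        return 550, "unauthenticated MAIL FROM uses a local domain"
    header = message_from_string(data).get("From", "")
    # 2.3: From: header, checked after DATA but before queueing
    if any(domain_of(a) in local for _, a in getaddresses([header])):
        return 550, "unauthenticated From: header uses a local domain"
    return 250, "accepted"

def msg(header_from):
    """Build a minimal constructed message with the given From: header."""
    return f"From: {header_from}\nTo: joe@yourserver.com\nSubject: test\n\nbody\n"

# Constructed sessions: (authenticated, MAIL FROM, message data)
CASES = {
    "alice via authenticated submission": (True, "<alice@yourserver.com>", msg("alice@yourserver.com")),
    "outside host spoofing the envelope": (False, "<ceo@yourserver.com>", msg("ceo@yourserver.com")),
    "outside host spoofing only From:": (False, "<x@example.net>", msg("CEO <ceo@YourServer.com>")),
    "ordinary external mail": (False, "<bob@example.org>", msg("bob@example.org")),
    # The two "clues": legitimate mail that the rule also rejects
    "forward.com relaying alice's mail to joe": (False, "<alice@yourserver.com>", msg("alice@yourserver.com")),
    "external list relaying alice's post": (False, "<list-bounces@lists.example.org>", msg("alice@yourserver.com")),
}

def run_cases():
    """Map each constructed case name to the SMTP code the policy returns."""
    return {name: check_sender(*args)[0] for name, args in CASES.items()}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(name, "->", *check_sender(*args))
```

The last two cases are indistinguishable from the spoofed ones at the SMTP level, which is why the thread treats them as an accepted cost that falls only on the company's own users.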