Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email

[DmuZ <DmuZ () ANGRYPACKET COM>]

You could use mailsnarf from the wonderful dsniff package at:
http://www.monkey.org/~dugsong/dsniff/
and avoid having to tangle with sendmail.cf at all.

DmuZ

DmuZ () angrypacket com
http://angrypacket.com

~beware the wrath of the angrypacket~

----- Original Message -----
From: David Taylor <taylord () INFOSECURE COM AU>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, August 28, 2000 11:34 PM
Subject: [PEN-TEST] Sendmail: Keeping a copy of relayed email


| Hi Pen-testers,
|
| I am currently looking into the possibility of eavesdropping a client's
| inbound email as part of a penetration test.  I have about 75% of the
| problem worked out, but I would really like some help with the last 25%.
|
| I have figured a way that I can take over DNS authority for their domain
| name, and then set up my own DNS server to serve their records.  Once this
| is in place I will set up one of my machines as their primary MX.  On this
| machine I will use sendmail's mailertable feature to get their incoming
| email to their email server.
|
| My problem is - I want to keep a copy of the incoming email that I relay
| off my machine.
|
| An associate has suggested that I would need to hand-hack the sendmail.cf
| file to add another (local) recipient into the mail delivery before it is
| sent off to mailertable for delivery.  My sendmail skills aren't quite up
| to this level, and I wondered if anybody has ideas on how I can turn this
| into a reality?  Anybody done something like this before?  Anybody seen a
| how-to on this?  Anybody provide some pointers to a quick head's-up on
| sendmail.cf delivery rule hacking?
|
| Thanks
| Dave Taylor
|