Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email

[Marco <m.v.berkum () OBIT NL>]

David Taylor wrote:

> Hi Pen-testers,
>
> I am currently looking into the possibility of eavesdropping a client's
> inbound email as part of a penetration test.  I have about 75% of the
> problem worked out, but I would really like some help with the last 25%.
>
> I have figured a way that I can take over DNS authority for their domain
> name, and then set up my own DNS server to serve their records.  Once this
> is in place I will set up one of my machines as their primary MX.  On this
> machine I will use sendmail's mailertable feature to get their incoming
> email to their email server.
>
> My problem is - I want to keep a copy of the incoming email that I relay
> off my machine.
>
> An associate has suggested that I would need to hand-hack the sendmail.cf
> file to add another (local) recipient into the mail delivery before it is
> sent off to mailertable for delivery.  My sendmail skills aren't quite up
> to this level, and I wondered if anybody has ideas on how I can turn this
> into a reality?  Anybody done something like this before?  Anybody seen a
> how-to on this?  Anybody provide some pointers to a quick head's-up on
> sendmail.cf delivery rule hacking?
>
> Thanks
> Dave Taylor

well... pherhaps you could make a aliasesfile stating the users that you want
to sniff (because thats what it is!)
go to their original adress and to your hacked () myhost com adress, never tried
this, should work.

cheers,
Marco van Berkum
OBIT b.v.
email: m.v.berkum () obit nl