Penetration Testing mailing list archives

Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email

From: Fyodor <fygrave () TIGERTEAM NET>
Date: Wed, 30 Aug 2000 00:26:28 +0700

~:
~:An associate has suggested that I would need to hand-hack the sendmail.cf
~:file to add another (local) recipient into the mail delivery before it is
~:sent off to mailertable for delivery.  My sendmail skills aren't quite up


if you want to stick with standard sendmail features, you will need to use
mailertable or virtusertable feature. Something like this might work:

@their.domain.com       yourlocaluser, %1 () mailserver their domain com

I am not certain if you can place several domains on right side, try
experimenting with different delimeters, maybe just plain space, I am lazy
to play with it on the moment.

 However if either way fails, do it in simple-stupid-but-works way :-)

Add something like:

yourlocalalias: localuser, blahuser () odd local com

to aliases file, and:

@their.domain.com       yourlocalalias
@odd.local.com          %@mail.their.domain.com

to virtusertable or something. :)

Also you may want to pass the message through a script to remove headers
which would point out that the mail has gone through your box (althrough
they would still see `received from: yourbox' header there, but there
might be ways around it as well. (f.e. ehlo AA..A with old sendmails and
other MTAs)).

 in this case something like:

@their.domain.com yourlocalalias

in virtusertable, and:

yourlocalalias: "|/your/script"

in aliases would be enough.

However if you want to do it in a geeky way :), replace ^Mrelay mailer
with something pointing to your own `delivery' program which would save a
copy of message it gets on stdin and then passes it to your budies. Make
sure you make it being able to recognize what domain to relay to, if you
are hijacking multiple domains, cuz relay mailer is used for all relaying
operations in sendmail. blah blah..

hope it helps :)

~:to this level, and I wondered if anybody has ideas on how I can turn this
~:into a reality?  Anybody done something like this before?  Anybody seen a
~:how-to on this?  Anybody provide some pointers to a quick head's-up on
~:sendmail.cf delivery rule hacking?
~:


 Bat-book? :) was a neat source of information for me :)


-F

Current thread:

[PEN-TEST] Hardware Penetration -- A Discovery Involving Gate Access Security Systems Ben Lull (Aug 28)
- [PEN-TEST] Sendmail: Keeping a copy of relayed email David Taylor (Aug 29)
  - Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email DmuZ (Aug 29)
  - Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Edward Mitchell (Aug 29)
  - Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Marco (Aug 29)
  - Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Fyodor (Aug 29)
  - Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email José M. Fandiño (Aug 30)
  - Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email Glynn Clements (Aug 31)