Penetration Testing mailing list archives
Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email
From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Tue, 29 Aug 2000 11:52:13 -0700
Answer:

I would use SMAP, the SMTP proxy that is available as part of the Firewall Toolkit (FWTK), and possibly elsewhere on the Net.

It is pretty easy to configure a process whereby SMAP catches the email and places it into a directory, a user defined process copies the mail into a "saved-mail" directory and also into a directory used by Sendmail prior to forwarding the email.

The purpose of using SMAP in this instance would be to facilitate a multi-step mail process where you can inject any user-defined shell script or PERL process between SMAP and SENDMAIL.

There are also a number of SMAP enhancements and utilities I have seen on the Net. One of them may already offer this functionality.

At one company I worked for in the past we modified a SMAP/Sendmail process to do just this (if certain conditions were met in mail processed on a company firewall).

Hope this helps...

mch

Question: David Taylor wrote:
Hi Pen-testers,

I am currently looking into the possibility of eavesdropping a client's inbound email as part of a penetration test. I have about 75% of the problem worked out, but I would really like some help with the last 25%.

I have figured a way that I can take over DNS authority for their domain name, and then set up my own DNS server to serve their records. Once this is in place I will set up one of my machines as their primary MX. On this machine I will use sendmail's mailertable feature to get their incoming email to their email server.

My problem is - I want to keep a copy of the incoming email that I relay off my machine.

An associate has suggested that I would need to hand-hack the sendmail.cf file to add another (local) recipient into the mail delivery before it is sent off to mailertable for delivery. My sendmail skills aren't quite up to this level, and I wondered if anybody has ideas on how I can turn this into a reality? Anybody done something like this before? Anybody seen a how-to on this? Anybody provide some pointers to a quick heads-up on sendmail.cf delivery rule hacking?

Thanks

Dave Taylor
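
On the defending side, the setup described in the quoted question (changed DNS authority plus a new primary MX) shows up from outside as drift in the domain's NS and MX records. The following is an added example, not part of the original posts: it compares record lines in zone-file presentation format against a known-good baseline. All host names and record sets are constructed placeholders.

```python
# Added example: NS/MX drift check against a known-good baseline.
# All host names and record sets below are constructed placeholders.

BASELINE = """\
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
example.com. 3600 IN MX 10 mail.example.com.
"""
OBSERVED = """\
example.com. 300 IN NS ns1.example.net.
example.com. 300 IN MX 5 relay.example.net.
example.com. 300 IN MX 10 mail.example.com.
"""

def norm(host):
    """Normalize a host name: drop the trailing dot, lowercase."""
    return host.rstrip(".").lower()

def parse_records(text):
    """Parse 'name ttl IN TYPE rdata' lines into NS hosts and MX preferences."""
    rec = {"NS": set(), "MX": {}}
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()          # strip zone-file comments
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        if f[3].upper() == "NS":
            rec["NS"].add(norm(f[4]))
        elif f[3].upper() == "MX" and len(f) >= 6 and f[4].isdigit():
            rec["MX"][norm(f[5])] = int(f[4])
    return rec

def primary_mx(mx):
    """Hosts with the lowest preference value; senders try these first."""
    return {h for h, p in mx.items() if p == min(mx.values())}

def drift(baseline_text, observed_text):
    """Return (kind, detail) findings where observed records leave the baseline."""
    base, obs = parse_records(baseline_text), parse_records(observed_text)
    findings = [("unexpected-ns", h) for h in sorted(obs["NS"] - base["NS"])]
    findings += [("missing-ns", h) for h in sorted(base["NS"] - obs["NS"])]
    findings += [("unexpected-mx", h) for h in sorted(set(obs["MX"]) - set(base["MX"]))]
    findings += [("missing-mx", h) for h in sorted(set(base["MX"]) - set(obs["MX"]))]
    if primary_mx(obs["MX"]) != primary_mx(base["MX"]):
        findings.append(("primary-mx-changed", sorted(primary_mx(obs["MX"]))))
    return findings

if __name__ == "__main__":
    for kind, detail in drift(BASELINE, OBSERVED):
        print(kind, detail)
```

In practice the observed lines would come from querying the domain's records on a schedule from a vantage point outside the organisation's own resolvers.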