Penetration Testing mailing list archives

Re: [PEN-TEST] Sendmail: Keeping a copy of relayed email


From: Mike Ahern <mc_ahern () YAHOO COM>
Date: Tue, 29 Aug 2000 11:52:13 -0700

Answer: I would use SMAP, the SMTP proxy that is
available as part of the Firewall Toolkit (FWTK), and
possibly elsewhere on the Net. It is pretty easy to
configure a process whereby SMAP catches the email and
places it into a directory; a user-defined process
copies the mail into a "saved-mail" directory and also
into a directory used by Sendmail prior to forwarding
the email. The purpose of using SMAP in this instance
would be to facilitate a multi-step mail process where
you can inject any user-defined shell script or Perl
process between SMAP and Sendmail.

There are also a number of SMAP enhancements and
utilities I have seen on the Net. One of them may
already offer this functionality. At one company I
worked for in the past we modified a SMAP/Sendmail
process to do just this (if certain conditions were
met in mail processed on a company firewall).

Hope this helps...


mch


Question:
David Taylor wrote:

Hi Pen-testers,

I am currently looking into the possibility of eavesdropping a
client's inbound email as part of a penetration test.  I have about
75% of the problem worked out, but I would really like some help
with the last 25%.

I have figured a way that I can take over DNS authority for their
domain name, and then set up my own DNS server to serve their
records.  Once this is in place I will set up one of my machines as
their primary MX.  On this machine I will use sendmail's mailertable
feature to get their incoming email to their email server.

My problem is - I want to keep a copy of the incoming email that I
relay off my machine.

An associate has suggested that I would need to hand-hack the
sendmail.cf file to add another (local) recipient into the mail
delivery before it is sent off to mailertable for delivery.  My
sendmail skills aren't quite up to this level, and I wondered if
anybody has ideas on how I can turn this into a reality?  Anybody
done something like this before?  Anybody seen a how-to on this?
Anybody provide some pointers to a quick heads-up on sendmail.cf
delivery rule hacking?

Thanks
Dave Taylor
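
Added example, not part of the original thread: the redirection described in the question shows up on the client's side as a change in the domain's NS and MX records, so a defender can compare resolver answers against a recorded baseline. The record text, the example.com / example.net names and the function names are constructed for illustration.

```python
# Added example: NS/MX drift check. All names and records are constructed.

def normalise(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.rstrip(".").lower()

def parse_answers(text):
    """Parse zone-format answer lines into NS hosts and (pref, host) MX sets."""
    records = {"NS": set(), "MX": set()}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or truncated record
        rtype, rdata = fields[3].upper(), fields[4:]
        if rtype == "NS":
            records["NS"].add(normalise(rdata[0]))
        elif rtype == "MX" and len(rdata) == 2 and rdata[0].isdigit():
            records["MX"].add((int(rdata[0]), normalise(rdata[1])))
    return records

def drift(baseline, observed):
    """List (type, finding, record) tuples where observed differs from baseline."""
    findings = []
    for rtype in ("NS", "MX"):
        findings += [(rtype, "unexpected", r) for r in sorted(observed[rtype] - baseline[rtype])]
        findings += [(rtype, "missing", r) for r in sorted(baseline[rtype] - observed[rtype])]
    if observed["MX"]:
        # The lowest preference value receives mail first; a new host there
        # means inbound mail now lands on a machine the baseline never listed.
        primary = min(observed["MX"])
        if primary[1] not in {host for _, host in baseline["MX"]}:
            findings.append(("MX", "primary-changed", primary))
    return findings

BASELINE = parse_answers("""
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
example.com. 3600 IN MX 10 mail.example.com.
""")
OBSERVED = parse_answers("""
example.com. 300 IN NS ns1.relay.example.net.
example.com. 300 IN NS ns2.example.com.
example.com. 300 IN MX 5 mx.relay.example.net.
example.com. 300 IN MX 10 mail.example.com.
""")

if __name__ == "__main__":
    for finding in drift(BASELINE, OBSERVED):
        print(finding)
```

The input format matches what `dig +noall +answer` prints, so the same functions can be fed live answers collected from outside the organisation's own resolvers.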


