Re: SMTP Pen Test

["Shreyas Zare" <shreyas () technitium com>]

Hi,

You cannot use SMTP AUTH  on an MX server for obvious reasons. One of
the good way would be implementing Sender Policy Framework (SPF) on
your server and your company domain. Secondly use a good DNSBL.

Regards,

On 12/4/07, Clone <c70n3 () yahoo co in> wrote:
> Hi List,
>
> What is the best solution for blocking email spoofing
> from an SMTP server? I've come across so many cases
> where it is possible to telnet into an SMTP server and
> spoof emails from it. A few of those common conditions
> are:
> 1. For an xyz.com SMTP server it is possible to send
> emails from x () abc com to a () xyz com.
> 2. For an xyz.com SMTP server it is possible to send
> emails from b () xyz com to a () xyz com.
>
> SMTP AUTH looks to be the solution to me. Is there any
> alternative?
>
> Clone
>
>
>       Explore your hobbies and interests. Go to http://in.promos.yahoo.com/groups
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------



-- 
("Computers are useless. They can only give you answers." - Pablo Picasso)

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Technitium Personal Computers
We believe in quality.
Visit http://pc.technitium.com for details.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------