Re: SMTP Pen Test

[Clone <c70n3 () yahoo co in>]

Well, did you mean Reverse-DNS? I guess Reverse-DNS &
SMTP AUTH should resolve both the issues.

Incorporating SSL on SMTP would further ensure that
emails are not stolen over the wire and there is no
identity theft.

I understand that applying SMTP AUTH wouldn't stop two
different domain SMTP servers with MX records like
smtp.xyz.com and smtp.abc.com communicate with each
other on sending or reception of email. I understand
that's what it should be like and that's what we want.


--- "Antonio Augusto (Mancha)" <khaoticmind () gmail com>
wrote:

> SMTPAuth may be the solution for the second case,
> but for the first
> your best option is a good Antispam. Usually SMTP
> will accept any
> e-mail coming from anywhere (since there is no way
> to identify if the
> sender is valid or not).
> Antispams can block some of this using technologies
> like Domain Keys
> (to verify if the e-mail from a () abc com really came
> from teh servers
> of abc.com), or grey listing (denying the e-mail at
> first and wait for
> the server at the other side to retry to send it),
> among others.
>
> Cheers,
> KM
>
>
> On Dec 4, 2007 3:50 AM, Clone <c70n3 () yahoo co in>
> wrote:
> > Hi List,
> >
> > What is the best solution for blocking email
> spoofing
> > from an SMTP server? I've come across so many
> cases
> > where it is possible to telnet into an SMTP server
> and
> > spoof emails from it. A few of those common
> conditions
> > are:
> > 1. For an xyz.com SMTP server it is possible to
> send
> > emails from x () abc com to a () xyz com.
> > 2. For an xyz.com SMTP server it is possible to
> send
> > emails from b () xyz com to a () xyz com.
> >
> > SMTP AUTH looks to be the solution to me. Is there
> any
> > alternative?
> >
> > Clone
> >
> >
> >       Explore your hobbies and interests. Go to
> http://in.promos.yahoo.com/groups
> >
------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution
> FREE today!
> > http://www.cenzic.com/downloads
------------------------------------------------------------------------
> >
>
>
>
> -- 
> Informação & Segurança - Informações para sua
> segurança na rede.
> http://info-seg.blogspot.com



      Bring your gang together - do your thing. Go to http://in.promos.yahoo.com/groups


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------