Penetration Testing mailing list archives

Re: Mail Relay / Open Mail Replay


From: haZard0us <hazard0us.pt () gmail com>
Date: Sun, 02 Oct 2011 20:33:05 +0100

On 02-10-2011 19:25, informationhacker08 wrote:
> Suppose there is a mail server, xyz.com, with port 25 open.
> An attacker logs in to the mail server through telnet and then tries to send
> mail, but he can only send mail within the xyz company, not outside. So will
> this be considered a vulnerability or not?
>
> e.g. telnet xyz.com
> mail from:<dddd () ddddd com>
> mail rcpt :<vbn () xyz com> ---> only within the network, not relaying
> the mail outside


In my humble opinion, I think that it is.

Because if he can access your mail server, he can send mails pretending to be whoever he wants. Social engineering attacks work like this.

This is my humble opinion, since I'm still a "new kid on the block".

-haZ
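
The three outcomes this thread is weighing (relay to an outside domain, ordinary inbound delivery, and unauthenticated mail that claims a local sender), as an added example that is not part of either poster's message: a small classifier run over a recorded SMTP test session. The transcript is constructed; `LOCAL_DOMAINS`, `classify`, the `C:`/`S:` line format, `ceo@xyz.com` and `other.example` are assumptions made for the illustration.

```python
import re

LOCAL_DOMAINS = {"xyz.com"}  # assumption: domains the server is the final destination for
# Constructed transcript (not from the thread). C: = client line, S: = server reply.
SAMPLE = """\
S: 220 mail.xyz.com ESMTP
C: MAIL FROM:<ceo@xyz.com>
S: 250 2.1.0 Ok
C: RCPT TO:<vbn@xyz.com>
S: 250 2.1.5 Ok
C: RCPT TO:<someone@other.example>
S: 554 5.7.1 Relay access denied
C: RSET
S: 250 2.0.0 Ok
C: MAIL FROM:<dddd@ddddd.com>
S: 250 2.1.0 Ok
C: RCPT TO:<vbn@xyz.com>
S: 250 2.1.5 Ok
"""

ADDR = re.compile(r"^(?:MAIL FROM|RCPT TO):\s*<[^@>]*@([^>]+)>", re.I)

def classify(transcript, local_domains=LOCAL_DOMAINS):
    """Return one (sender_domain, rcpt_domain, verdict) tuple per RCPT TO command."""
    findings, sender, authed, pending = [], None, False, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            pending = text.strip()
            continue
        if side != "S" or pending is None or text[3:4] == "-":
            continue  # greeting, or a non-final line of a multi-line reply
        code, m = text[:3], ADDR.match(pending)
        if code == "235":  # 235 is only returned for a successful AUTH
            authed = True
        elif pending.upper().startswith(("MAIL FROM", "RSET")):
            sender = m.group(1).lower() if m and code.startswith("2") else None
        elif m:  # only RCPT TO can still match here
            rcpt = m.group(1).lower()
            verdict = ("rejected" if not code.startswith("2")
                       else "authenticated submission" if authed
                       else "open relay" if rcpt not in local_domains
                       else "spoofed local sender accepted" if sender in local_domains
                       else "normal inbound delivery")
            findings.append((sender, rcpt, verdict))
        pending = None
    return findings
```

A "spoofed local sender accepted" finding is typically closed by rejecting unauthenticated mail whose envelope sender claims a local domain, or by enforcing SPF/DMARC on inbound mail.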
