Security Basics mailing list archives
RE: Sender Spoofing via SMTP
From: "Craig Wright" <cwright () bdosyd com au>
Date: Sat, 5 Nov 2005 12:17:11 +1100
He stated "my mail to the internal mailbox" so this is not an open relay question but one of spoofing sender addresses to a valid internal user.

-----Original Message-----
From: Tim Ballingall [mailto:tpb () mazda com au]
Sent: Fri 4/11/2005 4:14 PM
To: brandon.steili () gmail com; security-basics () securityfocus com
Cc:
Subject: RE: Sender Spoofing via SMTP

Brandon,

Assuming the domains you mention are not your domains, you then have what's known as an open relay, but I always thought this is meant to be disabled by default in Exch 2003 (not in older versions). Check this link out:
http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/b218d8a9-8d3a-4c7d-b0a9-c969ee1232f6.mspx

Or, preferably, don't open your exchange server to the internet. Put a secured proxy in front, like mailmarshall, mailsweeper (there are many more), or even a locked down postfix box. You can even use a mailwashing service.

Tim

-----Original Message-----
From: brandon.steili () gmail com [mailto:brandon.steili () gmail com]
Sent: Friday, 4 November 2005 2:56 AM
To: security-basics () securityfocus com
Subject: Sender Spoofing via SMTP

Hi List,

I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some suggestions. (preferably for Exchange 2003)

If I telnet to a system on the internet and perform the following:

    telnet target 25
    EHLO (assuming Exchange)
    MAIL FROM: someone
    RCPT TO: someone_else () TargetDomain com
    DATA
    ....

The server will happily forward my mail to the internal mailbox without validating anything. I did not have to authenticate, I did not even have to provide a real sender on the system, I could make one up.

Again, I know this is a common issue, the question is how can I prevent this from happening? With the proliferation of social engineers / phishers, etc I would like to try and find a way to prevent this, not because it is a big problem but because it might become a big problem. Obviously user training can only go so far and our clients are not going to think twice if they receive an email that appears to be from a company exec...

Thanks!
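A defender-side illustration of the distinction Craig draws (a spoofed internal sender address versus an open relay), added here and not written by any poster in this thread: a per-envelope policy check that a front-end mail proxy or gateway, as Tim suggests, could apply before handing mail to Exchange. The local domain, the internal network ranges and the session fields are assumptions made for the example, not values from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Assumed site configuration (hypothetical values for this example).
LOCAL_DOMAINS = {"targetdomain.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class SmtpSession:
    """What the gateway knows about one envelope at RCPT TO time."""
    client_ip: str        # peer address of the SMTP client
    authenticated: bool   # did the client pass SMTP AUTH?
    mail_from: str        # raw argument given to MAIL FROM:
    rcpt_to: str          # raw argument given to RCPT TO:


def domain_of(addr: str) -> str:
    """Lower-cased domain part of 'user@dom' or '<user@dom>'; '' when absent."""
    addr = addr.strip().strip("<>")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_internal(ip: str) -> bool:
    """True when the client address lies in one of our internal networks."""
    try:
        address = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(address in net for net in INTERNAL_NETS)


def decide(s: SmtpSession) -> str:
    """Return 'ACCEPT' or an SMTP-style rejection line for this envelope."""
    trusted = s.authenticated or is_internal(s.client_ip)
    sender = s.mail_from.strip()
    # A bare word such as 'someone' is not a valid reverse-path; only a full
    # address or the null sender '<>' (used for bounces) is acceptable.
    if sender not in ("<>", "") and "@" not in sender:
        return "501 sender must be a full address or <>"
    # Open relay check (Tim's point): mail for a foreign domain is only
    # accepted from authenticated or internal clients.
    if domain_of(s.rcpt_to) not in LOCAL_DOMAINS and not trusted:
        return "554 relay access denied"
    # Sender spoofing check (Craig's point): an outside, unauthenticated
    # client may not claim one of our own domains as the envelope sender,
    # even though the recipient is a local mailbox.
    if domain_of(sender) in LOCAL_DOMAINS and not trusted:
        return "550 local sender address not accepted from outside"
    return "ACCEPT"
```

The spoofing rule also rejects legitimate third-party services that send on your domain's behalf, so those sources need an explicit allow entry before such a rule goes live.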