Penetration Testing mailing list archives
RE: Mail Server problem / query
From: "Joe_Wulf" <Joe_Wulf () yahoo com>
Date: Thu, 14 Apr 2005 09:58:45 -0400
Depends on the type you are doing. Check out 'qmail' and 'exim'. They definately have configurable options to allow/prevent, thus manage exactly what you are talking about. You didn't mention the type of mail server you are testing---that might have helped. R, -Joe Wulf, CISSP ProSync Technology Group, LLC www.prosync.com Senior IA Engineer -----Original Message----- From: Marc Davison [mailto:m_davison () talk21 com] Sent: Wednesday, April 13, 2005 17:45 To: pen-test () securityfocus com Subject: Mail Server problem / query Hi all, I hope you can help with this. I have been testing a server for open-relay and found that I could connect from an external machine and send mails using a MAIL FROM (the local domain) and a RCPT TO (the local domain) - now this may seem fine as internal users will need to send mail to other internal users but my query is whether there are mail servers which can be configured to recognise that the connection was an external address and therefore that the MAIL FROM address was invalid. eg I can send a mail from the CEO of the company to his own secretary asking her to copy his hotmail address on all future mails and to the secretary, this mail seems perfectly valid yet me (prospective attacker) outside the comapany may now receive loads of sensitive mails (assuming the secretary is the type who doesn't like to query things and ask questions) - thanks in advance. Send instant messages to your online friends http://uk.messenger.yahoo.com
Current thread:
- Mail Server problem / query Marc Davison (Apr 13)
- RE: Mail Server problem / query Joe_Wulf (Apr 14)
- <Possible follow-ups>
- Re: Mail Server problem / query Prashant Gawade (Apr 14)
- re: Mail Server problem / query Mel Drews (Apr 17)
- RE: Mail Server problem / query Michael Scheidell (Apr 22)