Penetration Testing mailing list archives
Re: SMTP Pen Test
From: Clone <c70n3 () yahoo co in>
Date: Mon, 10 Dec 2007 01:21:56 +0000 (GMT)
Well, did you mean Reverse-DNS? I guess Reverse-DNS & SMTP AUTH should resolve both the issues. Incorporating SSL on SMTP would further ensure that emails are not stolen over the wire and there is no identity theft.

I understand that applying SMTP AUTH wouldn't stop two different domain SMTP servers with MX records like smtp.xyz.com and smtp.abc.com from communicating with each other on sending or reception of email. I understand that's what it should be like and that's what we want.

--- "Antonio Augusto (Mancha)" <khaoticmind () gmail com> wrote:
> SMTPAuth may be the solution for the second case, but for the first your best option is a good Antispam. Usually SMTP will accept any e-mail coming from anywhere (since there is no way to identify if the sender is valid or not).
>
> Antispams can block some of this using technologies like Domain Keys (to verify if the e-mail from a () abc com really came from the servers of abc.com), or grey listing (denying the e-mail at first and waiting for the server at the other side to retry to send it), among others.
>
> Cheers,
> KM
>
> On Dec 4, 2007 3:50 AM, Clone <c70n3 () yahoo co in> wrote:
> > Hi List,
> >
> > What is the best solution for blocking email spoofing from an SMTP server? I've come across so many cases where it is possible to telnet into an SMTP server and spoof emails from it. A few of those common conditions are:
> >
> > 1. For an xyz.com SMTP server it is possible to send emails from x () abc com to a () xyz com.
> > 2. For an xyz.com SMTP server it is possible to send emails from b () xyz com to a () xyz com.
> >
> > SMTP AUTH looks to be the solution to me. Is there any alternative?
> >
> > Clone
-- Informação & Segurança - Information for your security on the network. http://info-seg.blogspot.com
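The two conditions from the original question and the controls named in the replies (SMTP AUTH for local-domain senders, greylisting for external ones), sketched as a receive-time policy decision. This is an added example, not code from any poster in the thread; `Policy`, `decide`, the 300-second delay and the sample addresses are constructed for illustration, and DomainKeys verification and Reverse-DNS checks are left out.

```python
import time

LOCAL_DOMAINS = {"xyz.com"}   # the thread's example domain
GREYLIST_DELAY = 300          # seconds before a retry is accepted (constructed value)


def domain_of(address):
    """Return the lower-cased domain part of an envelope address."""
    return address.rpartition("@")[2].lower()


class Policy:
    """Decide the SMTP reply for one MAIL FROM / RCPT TO pair."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.first_seen = {}  # (client_ip, sender, rcpt) -> time of first attempt

    def decide(self, client_ip, authenticated, mail_from, rcpt_to):
        # Clients that passed SMTP AUTH are trusted to submit mail.
        if authenticated:
            return "250 OK"

        # Condition 2: an unauthenticated client claims a sender in our own
        # domain (b@xyz.com -> a@xyz.com). Requiring AUTH closes this case.
        # Simplification: legitimate forwarders can also trip this rule.
        if domain_of(mail_from) in LOCAL_DOMAINS:
            return "530 5.7.0 Authentication required"

        # Unauthenticated and not addressed to us: refuse to relay.
        if domain_of(rcpt_to) not in LOCAL_DOMAINS:
            return "550 5.7.1 Relaying denied"

        # Condition 1: external sender to a local recipient (x@abc.com ->
        # a@xyz.com). This is ordinary inbound mail, so AUTH cannot apply.
        # Greylist instead: temp-fail the first attempt, accept a later retry.
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return "450 4.7.1 Greylisted, try again later"
        return "250 OK"


if __name__ == "__main__":
    policy = Policy()
    ip = "192.0.2.10"  # constructed client address (documentation range)
    print(policy.decide(ip, False, "b@xyz.com", "a@xyz.com"))
    print(policy.decide(ip, False, "x@abc.com", "a@xyz.com"))
```

Greylisting only delays senders that do not retry; a spoofing host that retries after the delay is accepted, which is why the reply pairs it with sender verification such as Domain Keys.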
Current thread:
- SMTP Pen Test Clone (Dec 06)
- Re: SMTP Pen Test Shreyas Zare (Dec 10)
- <Possible follow-ups>
- Re: SMTP Pen Test Clone (Dec 10)