Re: Can NT4 SMTP Service be misused for mail spamming
Date: Fri, 19 Sep 2003 16:47:45 +0200 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Yes NT4 SMTP service can be easily misused and the ones from Windows
2000 and 2003 too.
You will probably discover more funny vulnerabilities by just typing
telnet relay-test.mail-abuse.org in a command line from the server you
want to test.
Even the last SMTP service from Windows 2003 fully patched accept
vulnerabilities exploited by spammers
Here is an 2003 example
:Relay test: #Test 17
>>> mail from: <firstname.lastname@example.org>
<<< 250 2.1.0 email@example.com....Sender OK
>>> rcpt to: <mail-abuse.org!nobody>
<<< 250 2.1.5 firstname.lastname@example.org
<<< 221 2.0.0 testserver.netline.be Service closing transmission channel
Tested host banner: 220 testserver.netline.be Microsoft ESMTP MAIL
6.0.3790.0 ready at Fri, 19 Sep 2003 12:09:15 +0200
System appeared to accept 1 relay attempts
To protect more seriously your SMTP service from relay abuse, may I
suggest to you to have a look at ORF Enterprise Edition 1.4 from
http://www.vamsoft.com . ORF acts as spam filtering extension for
Microsoft IIS SMTP Service and Microsoft Exchange 2000/2003 servers.
ORF's most effective spam filtering feature is the ability to use
multiple external spam source databases (DNS blacklists) simultaneously.
The reverse DNS (RDNS) test can reject emails coming from fake,
non-existent domains, the FQDN test is for blocking emails with broken
You can create your own IP address, sender and recipient email address
lists in ORF. While the whitelists can be used to exclude hosts, senders
or local mailboxes from filtering, the same type of blacklists help you
reject messages from specific hosts or IP ranges, senders (domains) or
---- Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER! With a growth rate exceeding 110%, the TICSA security practitioner certification is one of the hottest IT credentials available. And now, for a limited time, you can save 33% off of the TICSA certification exam! To learn more about the TICSA certification, and to register as a TICSA candidate online, just go to http://www.trusecure.com/offer/s0100/ ----