Re: Can NT4 SMTP Service be misused for mail spamming

eric_at_LIEGE.COM
Date: 09/19/03

  • Next message: Russ: "Administrivia #30680 - Spam harvesting and NTBugtraq"
    Date:         Fri, 19 Sep 2003 16:47:45 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Yes, the NT4 SMTP service can be easily misused, and the ones from
    Windows 2000 and 2003 too.

    You will probably discover more funny vulnerabilities by just typing
    telnet relay-test.mail-abuse.org in a command line from the server you
    want to test.

    Even the last SMTP service, from a fully patched Windows 2003, accepts
    classical vulnerabilities exploited by spammers.

    Here is a 2003 example:

    :Relay test: #Test 17
    >>> mail from: <spamtest@[1.2.3.4]>
    <<< 250 2.1.0 spamtest@[1.2.3.4]....Sender OK
    >>> rcpt to: <mail-abuse.org!nobody>
    <<< 250 2.1.5 mail-abuse.org!nobody@testserver.netline.be
    >>> QUIT
    <<< 221 2.0.0 testserver.netline.be Service closing transmission channel
    Tested host banner: 220 testserver.netline.be Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Fri, 19 Sep 2003 12:09:15 +0200
    System appeared to accept 1 relay attempts

    To protect your SMTP service more seriously from relay abuse, may I
    suggest that you have a look at ORF Enterprise Edition 1.4 from
    http://www.vamsoft.com . ORF acts as a spam filtering extension for
    Microsoft IIS SMTP Service and Microsoft Exchange 2000/2003 servers.

    ORF's most effective spam filtering feature is the ability to use
    multiple external spam source databases (DNS blacklists) simultaneously.
    The reverse DNS (RDNS) test can reject emails coming from fake,
    non-existent domains; the FQDN test is for blocking emails with broken
    sender information.

    You can create your own IP address, sender and recipient email address
    lists in ORF. While the whitelists can be used to exclude hosts, senders
    or local mailboxes from filtering, the same type of blacklists help you
    reject messages from specific hosts or IP ranges, senders (domains) or
    local mailboxes.


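The relay test quoted in the message passes because the server accepts a recipient whose local part is a UUCP-style bang path and appends its own domain to it. The following is an added example, not part of the original post and not code from ORF or Microsoft: a recipient policy check that rejects such routed forms before a message is accepted. The function name, the `LOCAL_DOMAINS` set and the sample addresses are assumptions constructed for illustration.

```python
# Hypothetical RCPT TO policy check; names and samples are constructed.
LOCAL_DOMAINS = {"testserver.netline.be"}  # domains this host delivers locally
ROUTING_CHARS = set("!%@")  # bang path, percent hack, nested "@" in local part

def classify_rcpt(path, local_domains=LOCAL_DOMAINS):
    """Return (verdict, reason) for the argument of one RCPT TO command."""
    addr = path.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    # RFC 821 source route: <@hop1,@hop2:user@final>
    if addr.startswith("@"):
        return ("reject", "source route")
    # Split on the LAST "@" so any earlier "@" stays in the local part.
    local, sep, domain = addr.rpartition("@")
    if not sep:
        local, domain = addr, None  # unqualified, e.g. "postmaster"
    # Quoting the local part does not make a routed address safe.
    if len(local) >= 2 and local.startswith('"') and local.endswith('"'):
        local = local[1:-1]
    bad = ROUTING_CHARS.intersection(local)
    if bad:
        return ("reject", "routing character in local part: " + "".join(sorted(bad)))
    if domain is not None and domain.lower().rstrip(".") not in local_domains:
        return ("reject", "relay to non-local domain")
    return ("accept", "local recipient")

# Constructed sample recipients; the first is the form from the quoted test.
SAMPLES = [
    "<mail-abuse.org!nobody>",
    "<nobody%mail-abuse.org@testserver.netline.be>",
    "<@testserver.netline.be:nobody@mail-abuse.org>",
    '<"nobody@mail-abuse.org"@testserver.netline.be>',
    "<nobody@mail-abuse.org>",
    "<postmaster@testserver.netline.be>",
]

def run_samples():
    return [(s, *classify_rcpt(s)) for s in SAMPLES]

if __name__ == "__main__":
    for sample, verdict, reason in run_samples():
        print(f"{verdict:7} {sample:50} {reason}")
```

The characters "!" and "%" are legal in a local part, so this check trades a small risk of refusing unusual local mailboxes for closing the routed-address forms.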