Re: SMTP Service in private DMZ OK?

From: Random Task (rand0m_t4sk_at_yahoo.com)
Date: 01/27/04

  • Next message: Dominique Hoffman: "terminal server" 
    Date: Tue, 27 Jan 2004 14:41:34 -0800 (PST)
To: mlyman-security@comcast.net, focus-ms@securityfocus.com

    --- Mike Lyman <mlyman-security@comcast.net> wrote:
    > If you are talking about Window 2000 and beyond, it's locked down
    > against relaying by default.

    One issue I've found but not resolved yet is the ability to relay
    mail to users in a domain by using a fake email address in that
    domain as the From: address. Example:

    >> nc mail.domain.com 25
    220 mail.domain.com ready
    helo
    250 mail.domain.com Hello [1.2.3.4]
    mail from: fake-user@domain.com
    220 2.1.0 fake-user@domain.com....Sender OK
    rcpt to: real-user@domain.com
    220 2.1.5 real-user@domain.com
    354 Start mail input; end with <CRLF>.<CRLF>
    subject: blah
    message
    message
    .
    250 2.6.0 <msgid stuff> Queued mail for delivery

    This message went through even though that user didn't exist. This
    could allow an attacker to perform some social engineering of some
    sort, whether it's through URL redirection, reply-to address, or
    whatever. Has anyone seen a way to prevent this behavior in Exchange
    2000/2003? GroupWise?

    Thanks.
    rt
    (I can respond on my real work address if you like, just request it.)

    __________________________________
    Do you Yahoo!?
    Yahoo! SiteBuilder - Free web site building tool. Try it!
    http://webhosting.yahoo.com/ps/sb/

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Dominique Hoffman: "terminal server"

    Relevant Pages

    • Re: ie 6 problem
      ... order to continue with my work, after I click on the X and the window appears ... I have only a few items from Yahoo such as TV Guide, Sports, calendar, ... > What You Should Know About Spyware ... Removing some spyware can damage the Winsock stact. ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: Reinstall IE 6
      ... IE6 ?browser back again. ... To Remove a Custom Internet Explorer Window Title ... "Microsoft Internet Explorer" becomes the ... with Yahoo, what happens if I delete the directory for Internet explore ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Java acting strange (New info)
      ... When I play euchre on Yahoo and click on a table it pops ... window is supposed to pop up over the previous window. ... finalize objects on finalization queue ... v: dump thread stack ...
      (microsoft.public.windowsxp.general)
    • Re: opening link in a new window
      ... That may indeed be the case (not Yahoo, but I think he may have something ... The Yahoo toolbar is a very common cause. ... should allow a second window to open. ...
      (microsoft.public.windows.inetexplorer.ie6.browser)
    • Re: IE will not open any new windows
      ... I didn't even know I had a Yahoo Toolbar and sure ... Uninstalling Yahoo Companion is the ... >> IE will not open a new window. ...
      (microsoft.public.windows.inetexplorer.ie6.browser)