Mail Server problem / query

From: Marc Davison (m_davison_at_talk21.com)
Date: 04/13/05

Next message: Clement Dupuis: "RE: Fingerprinting Firewall"

Previous message: Foundation Linux: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
Next in thread: Prashant Gawade: "Re: Mail Server problem / query"
Maybe reply: Prashant Gawade: "Re: Mail Server problem / query"
Reply: Joe_Wulf: "RE: Mail Server problem / query"
Maybe reply: Mel Drews: "re: Mail Server problem / query"
Maybe reply: Michael Scheidell: "RE: Mail Server problem / query"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 13 Apr 2005 22:44:55 +0100 (BST)
To: pen-test@securityfocus.com

Hi all, I hope you can help with this. I have been
testing a server for open-relay and found that I could
connect from an external machine and send mails using
a MAIL FROM (the local domain) and a RCPT TO (the
local domain) - now this may seem fine as internal
users will need to send mail to other internal users
but my query is whether there are mail servers which
can be configured to recognise that the connection was
an external address and therefore that the MAIL FROM
address was invalid. eg I can send a mail from the CEO
of the company to his own secretary asking her to copy
his hotmail address on all future mails and to the
secretary, this mail seems perfectly valid yet me
(prospective attacker) outside the comapany may now
receive loads of sensitive mails (assuming the
secretary is the type who doesn't like to query things
and ask questions) - thanks in advance.

Send instant messages to your online friends http://uk.messenger.yahoo.com

Next message: Clement Dupuis: "RE: Fingerprinting Firewall"

Previous message: Foundation Linux: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
Next in thread: Prashant Gawade: "Re: Mail Server problem / query"
Maybe reply: Prashant Gawade: "Re: Mail Server problem / query"
Reply: Joe_Wulf: "RE: Mail Server problem / query"
Maybe reply: Mel Drews: "re: Mail Server problem / query"
Maybe reply: Michael Scheidell: "RE: Mail Server problem / query"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Published Websites in-accessable locally
... Do you mean that you can connect to the external machine ... Yes.I can connect the external machinefrom teh client without ISA ... connect to the external server. ... It is not recommended that host the web site on the SBS ...
(microsoft.public.windows.server.sbs)
RE: Can you share a server share from a client?
... server on the .LOCAL domain in which you want the Mac OS X system to access. ... Ok I named my domain .local before we had a Mac. ... It will connect to all the other clients but not the server, ...
(microsoft.public.windows.server.sbs)
Re: SBS Exchange 2000 not delivering anymail (internal or external)
... A .local domain for internal DNS is the secure and preferred method ... on your server. ... Have you tried to Telnet to Port 25 of another Exchange Server ...
(microsoft.public.exchange.admin)
Re: Exchange Error
... (domains and server munged by me) ... Check your route and topology; use the winroute tool to ensure ... Notice that the .local domain was used for this one. ... Client/Server Messaging Security with spam filter running. ...
(microsoft.public.windows.server.sbs)
Re: Exchange Error
... (domains and server munged by me) ... Check your route and topology; use the winroute tool to ensure ... Notice that the .local domain was used for this one. ... Client/Server Messaging Security with spam filter running. ...
(microsoft.public.windows.server.sbs)