Sender Spoofing via SMTP

brandon.steili_at_gmail.com
Date: 11/03/05

    Date: 3 Nov 2005 15:56:23 -0000
    To: security-basics@securityfocus.com
    
    
    Hi List,

    I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some suggestions. (preferably for Exchange 2003)

    If I telnet to a system on the internet and perform the following:

    telnet target 25
    EHLO (assuming Exchange)
    MAIL FROM: someone
    RCPT TO: someone_else@TargetDomain.com
    DATA ....

    The server will happily forward my mail to the internal mailbox without validating anything. I did not have to authenticate, I did not even have to provide a real sender on the system, I could make one up. Again, I know this is a common issue, the question is how can I prevent this from happening?

    With the proliferation of social engineers / phishers, etc., I would like to try and find a way to prevent this, not because it is a big problem but because it might become a big problem.

    Obviously user training can only go so far and our clients are not going to think twice if they receive an email that appears to be from a company exec...

    Thanks!
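The following is an added example, not part of the original post or any Exchange configuration: a small simulation of the server side of the telnet exchange described above, with the policy check a mail front-end would apply at MAIL FROM and again at end-of-DATA. A client that claims the organisation's own domain (assumed here to be targetdomain.com) is only accepted if it has authenticated or connects from an assumed internal network; foreign sender domains are not judged here, since that is what SPF/DKIM checks on the remote domain are for. The IP ranges, hostnames and session transcripts are constructed for illustration.

```python
"""Constructed SMTP policy simulation (added example, not from the original post)."""
import ipaddress
import re

LOCAL_DOMAINS = {"targetdomain.com"}                      # assumed: the org's own domain(s)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),     # assumed: trusted LAN ranges
                 ipaddress.ip_network("192.168.0.0/16")]
ADDR_RE = re.compile(r"<?\s*([^<>\s]+@([^<>\s@]+))\s*>?")


def sender_domain(value):
    """Lower-cased domain of '<a@b.c>' or 'Name <a@b.c>'; '' for the null
    sender '<>' (legitimate for bounces); None if no address is present."""
    value = value.strip()
    if value in ("", "<>"):
        return ""
    m = ADDR_RE.search(value)
    return m.group(2).lower() if m else None


def local_domain_allowed(domain, peer_ip, authenticated):
    """A local domain may only be claimed by an authenticated client or one
    connecting from an internal network.  Foreign domains pass this check."""
    if domain not in LOCAL_DOMAINS or authenticated:
        return True
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in INTERNAL_NETS)


def header_from(body_lines):
    """Value of the first From: header (headers end at the first blank line)."""
    for line in body_lines:
        if line == "":
            break
        if line.lower().startswith("from:"):
            return line[5:]
    return ""


def run_session(peer_ip, authenticated, client_lines):
    """Simulate the server side of an SMTP session; return the reply lines."""
    replies, mail_from, rcpts, in_data, body = [], None, [], False, []
    for line in client_lines:
        if in_data:
            if line != ".":
                body.append(line)
                continue
            in_data = False
            # Phishers often keep a foreign envelope sender and spoof only the
            # visible From: header, so the same rule is applied to that header.
            dom = sender_domain(header_from(body))
            if dom is None or local_domain_allowed(dom, peer_ip, authenticated):
                replies.append("250 2.0.0 Queued")
            else:
                replies.append("550 5.7.1 Header From: claims local domain from unauthorized source")
            mail_from, rcpts, body = None, [], []
            continue
        verb = line[:4].upper()
        if verb in ("EHLO", "HELO"):
            replies.append("250 mail.targetdomain.com Hello")
        elif verb == "MAIL":
            dom = sender_domain(line.partition(":")[2])
            if dom is None:
                replies.append("501 5.1.7 Bad sender address syntax")
            elif not local_domain_allowed(dom, peer_ip, authenticated):
                replies.append("550 5.7.1 Sender address rejected: not authorized to use local domain")
            else:
                mail_from = dom
                replies.append("250 2.1.0 Sender OK")
        elif verb == "RCPT":
            if mail_from is None:
                replies.append("503 5.5.1 Need MAIL command")
            else:
                rcpts.append(line)
                replies.append("250 2.1.5 Recipient OK")
        elif verb == "DATA":
            if not rcpts:
                replies.append("503 5.5.1 Need RCPT command")
            else:
                in_data = True
                replies.append("354 Start mail input; end with <CRLF>.<CRLF>")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("500 5.5.2 Command not recognized")
    return replies


# Constructed transcripts.  EXTERNAL_IP / INTERNAL_IP are assumed addresses.
EXTERNAL_IP, INTERNAL_IP = "203.0.113.5", "10.1.2.3"
BODY = ["DATA", "From: CEO <ceo@targetdomain.com>", "To: someone_else@targetdomain.com",
        "Subject: urgent wire transfer", "", "Please send the money today.", ".", "QUIT"]
SPOOF_ENVELOPE = ["EHLO attacker.example", "MAIL FROM:<ceo@targetdomain.com>",
                  "RCPT TO:<someone_else@targetdomain.com>", "QUIT"]
SPOOF_HEADER = ["EHLO attacker.example", "MAIL FROM:<news@bulk-mailer.example>",
                "RCPT TO:<someone_else@targetdomain.com>"] + BODY
INTERNAL_MAIL = ["EHLO pc17.targetdomain.com", "MAIL FROM:<ceo@targetdomain.com>",
                 "RCPT TO:<someone_else@targetdomain.com>"] + BODY

if __name__ == "__main__":
    for name, ip, auth, lines in [("envelope spoof", EXTERNAL_IP, False, SPOOF_ENVELOPE),
                                  ("header spoof", EXTERNAL_IP, False, SPOOF_HEADER),
                                  ("internal sender", INTERNAL_IP, False, INTERNAL_MAIL),
                                  ("authenticated roaming user", EXTERNAL_IP, True, INTERNAL_MAIL)]:
        print(f"--- {name} from {ip} (auth={auth})")
        for reply in run_session(ip, auth, lines):
            print(reply)
```

The first transcript reproduces the post's scenario (external, unauthenticated, local-domain envelope sender) and is refused at MAIL FROM, so the recipient is never even accepted; the second shows why the check must be repeated on the header From: at end-of-DATA. Note the trade-off the example makes visible: once external hosts may not claim the local domain, any legitimate outside system that sends as that domain (a hosted newsletter, a partner relaying on the company's behalf) must either authenticate or be added to the trusted networks, otherwise its mail is refused too.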

