RE: Sender Spoofing via SMTP

From: Andrew Chong (andrewjw_at_singnet.com.sg)
Date: 11/03/05

    To: <brandon.steili@gmail.com>, <security-basics@securityfocus.com>
    Date: Fri, 4 Nov 2005 02:54:23 +0800
    
    

    This is a well-known SMTP protocol bug.
    Currently, two common technologies are S/MIME and PGP to digitally
    sign/encrypt emails.

    Regards,
    Andrew Chong, cissp

    -----Original Message-----
    From: brandon.steili@gmail.com [mailto:brandon.steili@gmail.com]
    Sent: Thursday, November 03, 2005 11:56 PM
    To: security-basics@securityfocus.com
    Subject: Sender Spoofing via SMTP

    Hi List,

    I know this is a common issue that does not seem to be well addressed,
    but I was hoping you folks could give some suggestions. (preferably for
    Exchange 2003)

    If I telnet to a system on the internet and perform the following:

    telnet target 25
    EHLO (assuming Exchange)
    MAIL FROM: someone
    RCPT TO: someone_else@TargetDomain.com
    DATA ....

    The server will happily forward my mail to the internal mailbox without
    validating anything. I did not have to authenticate, I did not even have
    to provide a real sender on the system, I could make one up. Again, I
    know this is a common issue, the question is how can I prevent this from
    happening?

    With the proliferation of social engineers / phishers, etc. I would like
    to try and find a way to prevent this, not because it is a big problem
    but because it might become a big problem.

    Obviously user training can only go so far and our clients are not going
    to think twice if they receive an email that appears to be from a
    company exec...

    Thanks!
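
The session quoted in the question, checked against a receive-side envelope policy. This is an added example, not part of the original thread and not Exchange's own logic; the `LOCAL_DOMAINS` value, the function names and the three rules are assumptions chosen for illustration.

```python
import re

# Assumption: the domains this server accepts mail for (constructed value).
LOCAL_DOMAINS = {"targetdomain.com"}

# Matches the two envelope commands and captures the address, with or
# without angle brackets; ESMTP parameters after the address are ignored.
_ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^>\s]*)>?", re.I)


def domain_of(addr):
    """Return the lower-cased domain, or None if the address is unqualified."""
    local, sep, domain = addr.rpartition("@")
    return domain.lower() if sep and local and domain else None


def review_session(client_commands, authenticated=False):
    """Apply the envelope policy to the client's commands.

    Returns (verdict, reason). `authenticated` states whether the client
    completed SMTP AUTH earlier in the same session.
    """
    for line in client_commands:
        m = _ENVELOPE.match(line.strip())
        if not m:
            continue  # EHLO, DATA and so on carry no envelope address
        verb, addr = m.group(1).upper(), m.group(2)
        dom = domain_of(addr)
        if verb == "MAIL FROM":
            # An empty address is the null sender used by bounces: allowed.
            if addr and dom is None:
                return ("reject", "unqualified sender")
            if dom in LOCAL_DOMAINS and not authenticated:
                return ("reject", "local sender without authentication")
        elif dom not in LOCAL_DOMAINS and not authenticated:
            # RCPT TO outside our domains from an unauthenticated client.
            return ("reject", "relay denied")
    return ("accept", "ok")


# The session from the question (constructed from the commands quoted above).
QUOTED_SESSION = [
    "EHLO client",
    "MAIL FROM: someone",
    "RCPT TO: someone_else@TargetDomain.com",
    "DATA",
]
```

These rules look only at the SMTP envelope. The `From:` header inside `DATA` is what the mail client displays and is not covered, which is the gap the signing technologies named in the reply address.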

