Re: Sender Spoofing via SMTP
From: FocusHacks (focushacks_at_gmail.com)
Date: 11/04/05
- Previous message: dallas jordan: "Re: Sender Spoofing via SMTP"
- In reply to: brandon.steili_at_gmail.com: "Sender Spoofing via SMTP"
- Next in thread: jlopez2k5_at_gmail.com: "Re: Sender Spoofing via SMTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Nov 2005 09:38:39 -0600
To: "brandon.steili@gmail.com" <brandon.steili@gmail.com>

You can prevent it from happening by people using your own SMTP
servers as a relay by disallowing relays.

If you do not want incoming mail that has been relayed, the best bet
is to use one of the mail relay blackhole lists. One such list is
http://www.mail-abuse.com/

What you get: A list of known IP Addresses that allow open relay (and
thus, proliferation of spam)

The Good: When you block these IP addresses, you no longer receive
mail via any known open relays. Some spam squeaks past via open
relays that haven't been discovered but they do not last long.

The Bad: If someone that you want to be able to communicate with
happens to be using a black-holed provider, you won't get the
communication. Also, end users will typically have no idea that
they've been blackholed unless your filtering solution has an
auto-responder.

The Ugly: A temporary misconfiguration and/or fresh install of the
host OS can often lead to being blackholed. I switched plans with a
dedicated hosting company, and got upgraded hardware and a fresh
install of Linux with it. Within an hour (before I could get around
to reconfiguring sendmail), I was blackholed and it took more than a
day to clear up the issue with all the blackhole lists. There are a
LOT of different lists that one must clear themselves from.
Fortunately only 5 or 6 had flagged me. See http://rbls.org/

On 3 Nov 2005 15:56:23 -0000, brandon.steili@gmail.com
<brandon.steili@gmail.com> wrote:
> Hi List,
>
> I know this is a common issue that does not seem to be well addressed, but I was hoping you folks could give some suggestions. (preferably for Exchange 2003)
>
> If I telnet to a system on the internet and perform the following:
>
> telnet target 25
> EHLO (assuming Exchange)
> MAIL FROM: someone
> RCPT TO: someone_else@TargetDomain.com
> DATA ....
>
> The server will happily forward my mail to the internal mailbox without validating anything. I did not have to authenticate, I did not even have to provide a real sender on the system, I could make one up. Again, I know this is a common issue, the question is how can I prevent this from happening?
>
> With the proliferation of social engineers / phishers, etc. I would like to try and find a way to prevent this, not because it is a big problem but because it might become a big problem.
>
> Obviously user training can only go so far and our clients are not going to think twice if they receive an email that appears to be from a company exec...
>
> Thanks!
>
-- http://www.FocusHacks.com - The Ford Focus Modification Site!
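
Added example, not part of the original message: a check of one mail server's IP against several DNS-based blackhole lists, the lookup a filter performs on connecting hosts and the one an administrator repeats per list when clearing a listing. The zone names, sample records and the address 192.0.2.25 are constructed placeholders; substitute the zones of the lists you actually use.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # by convention, listings answer here

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's DNS zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name via the OS resolver; [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and server failures are not an answer
    return sorted({info[4][0] for info in infos})

def check_lists(ip, zones, resolve=system_resolver):
    """Map each zone to 'listed', 'clear' or 'unknown' for the given IP."""
    results = {}
    for zone in zones:
        try:
            answers = resolve(dnsbl_query_name(ip, zone))
        except OSError:
            results[zone] = "unknown"  # failed lookup proves nothing either way
            continue
        hit = any(ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers)
        results[zone] = "listed" if hit else "clear"
    return results

# Constructed sample data: made-up zones under .example, documentation IPs.
SAMPLE_ZONES = ["relays.dnsbl.example", "spam.dnsbl.example",
                "parked.dnsbl.example", "down.dnsbl.example"]
SAMPLE_RECORDS = {
    "25.2.0.192.relays.dnsbl.example": ["127.0.0.2"],    # listed
    "25.2.0.192.parked.dnsbl.example": ["203.0.113.9"],  # wildcard, not a listing
}

def constructed_resolver(name):
    """Offline stand-in for DNS that serves SAMPLE_RECORDS."""
    if name.endswith(".down.dnsbl.example"):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    return SAMPLE_RECORDS.get(name, [])

if __name__ == "__main__":
    for zone, state in check_lists("192.0.2.25", SAMPLE_ZONES, constructed_resolver).items():
        print(f"{zone}: {state}")
```

Treating a failed lookup as "unknown" rather than "listed" keeps a list that is down or retired from silently rejecting wanted mail.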