SMTP Security Question?
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: SMTP Security Question?

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Posts
    317

    SMTP Security Question?

    i've been checking out some smtp servers with telnet and more than a few of them have "refused to relay my message" when i try to put in my RCPT TO: whoever@whatever.com. i checked it out on google and the only thing i can figure out is that sendmail 8.8 and later have some kind of security measures. Can somebody give me a synopsis on security measures used with smtp servers and tell me why i'm having this problem?

  2. #2
    Member
    Join Date
    Mar 2004
    Posts
    41
    Wow, I havent even used smtp using telnet in a long time.
    I can't really off the top of my head tell you what to do right.
    But I direct you to some really good tutorials.
    www.hackerscenter.com
    is a very good site man.
    You can look there I know for a fact they tutorials on exactly what your looking for.
    Good luck.
    \"If knowledge is power. Why doesn\'t everybody read?\"

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Most SMTP Servers no longer allow open mail relaying.

    Open mail relay
    From Wikipedia, the free encyclopedia.

    An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to relay email through it. Until the 1990s this was the normal configuration for a mail server and was often the default on Unix systems at installation. However after spammers started abusing open relays to forward their own messages, it became frowned upon by some members of the Internet community to run such a server. The Can Spam Act of 2003 outlaws this use in the United States. Many ISPs use DNSBLs to prevent open mail relay servers to send mail to them.

    The most famous mail relay is probably that of John Gilmore, who argues that running an open relay is a free speech issue, and that since he has never sent any spam personally he has a right to configure his computer however he pleases.
    You now have to authenticate before you can email someone. Too many spammers were using unsecured SMTP relays, and it was causing problems. Now people secure their servers and lock them down. Requiring users authenticate means your server won't be blacklisted.. and you don't want to be blacklisted. Your users wouldn't be happy.

    You can check out several sites for more information, including.

    SMTP RFC
    Keep your Server from being blacklisted
    Getting Rid of Spam
    Google Directory on Blacklists
    Open Relay Database - FAQ

    Feel free to google for more yourself.

    [EDIT]
    Becareful Randomly connecting to SMTP servers and firing commands at it. It could get you in a whole lot of trouble, depending on the commands you enter. I would suggest you setup your own SMTP server if you wish to play around. ISPs and Companies log the data coming into their servers and you don't wanna get yourself in trouble.
    [/EDIT]

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    if you really want to learn stop reading old "hacking" tutorials. read the rfcs and white papers all over the internet. As HT has said this hasn't been the norm for quit some time. when it was the norm it wasn't considerde hacking but a rather standard method of sending/receiving email.

    if you want to send a harmless prank use the smtp server on your oun computer. if you want to remain anonymous use an anonymous re-mailer. But if you have to find an open relay check out the spam thats sent to you.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Posts
    317
    ok, cool. is there any way to authenticate myself and then telnet to it and send the message? outlook can do it, right? i was using my isp's server to send mail that way, but it seems like they only let you do it if you have one of their ip's. how would i go about using the smtp server on my own computer?

  6. #6
    Senior Member
    Join Date
    Dec 2003
    Posts
    317
    what im trying to ask is: whats the difference between an open relay server and a secured server?

    An open mail relay occurs when a mail server processes a mail message where neither the sender nor the recipient is a local user. In this example, both the sender and the recipient are outside the local domain (or rather, the local IP range, for the techically inclined). The mail server is an entirely unrelated third party to this transaction. The message really has no business passing through this server.
    i found this but i really have no idea what it means? does it mean that in order for the server send mail, you have to be connected to the same network as the mail server? how does hotmail work then? how am i able to configure my mail client from anywhere in the world and still send/receive email if this is the case?

    this too:
    [edit]
    553 SMTP Relaying Denied
    This error is caused for one of two reasons:

    1. You are attempting to send email to a domain that is not recognized by this server

    2. You are attempting to relay email through this server, and have not authenticated

    Most likely you are seeing this message because you have not authenticated. To use this server as a relay (to send email to an outside address using your domain name), you must authenticate first.

    You can do this in one of two ways:

    1. SMTP Authentication - SMTP AUTH is a method for verifying a user's login and password before allowing Mail to be sent to other Mail Servers on the Internet. Your Email Client is required to login before sending mail. This method allows you to simply enter your Username and Password (the same ones you use for POP or IMAP) in the SMTP settings in your email program.

    2. POP before Send - This method allows you to simply check your email before sending. Once you have checked your email, you are allowed to relay for the next 15 minutes from your current IP address without further authentication.
    [/edit]

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    "how would i go about using the smtp server on my own computer?"

    easy assuming you have 2k or better. configure in outlook an smtp server set to 127.0.0.1. you can config pop the same. it doesnt matter as you can't receive mail this way. go to control panel and make sure SMTP is turned on. but remember your ip address WILL be in the header so its good for a friendly laugh. if you dont have an os with an smtp server you can download one of the free ones like argosoft. its realy kid of a fun way to learn more about smtp
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Senior Member
    Join Date
    Dec 2003
    Posts
    317
    but remember your ip address WILL be in the header so its good for a friendly laugh
    i thought it was anyway cuz the smtp server puts the ip it was received from in the header

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    yes but if you were to use an anonymous re-mailer it wouldn't be. thats the purpose of them and there are many ways to get aound having "your" ip included in the header of an email.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    Senior Member
    Join Date
    Dec 2003
    Posts
    317
    thanx alot

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •