Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Mail Server problem / query

from [Marc Davison] Network Security [Permanent Link]
Subject: Mail Server problem / query
Date: Wed, 13 Apr 2005 22:44:55 +0100 (BST) 
Hi all, I hope you can help with this. I have been
testing a server for open-relay and found that I could
connect from an external machine and send mails using
a MAIL FROM (the local domain) and a RCPT TO (the
local domain) - now this may seem fine as internal
users will need to send mail to other internal users
but my query is whether there are mail servers which
can be configured to recognise that the connection was
an external address and therefore that the MAIL FROM
address was invalid. eg I can send a mail from the CEO
of the company to his own secretary asking her to copy
his hotmail address on all future mails and to the
secretary, this mail seems perfectly valid yet me
(prospective attacker) outside the comapany may now
receive loads of sensitive mails (assuming the
secretary is the type who doesn't like to query things
and ask questions) - thanks in advance.

Send instant messages to your online friends http://uk.messenger.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?, Foundation Linux
Next by Date:  RE: Fingerprinting Firewall, Clement Dupuis
Previous by Thread:  [Full-disclosure] IBM WebSphere Widespread configuration JSP disclosure, SPI Labs
Next by Thread:  RE: Mail Server problem / query, Joe_Wulf
Indexes:  [Date] [Thread] [Top] [All Lists]