Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SMTP Pen Test

from [Clone] Network Security [Permanent Link]
Subject: Re: SMTP Pen Test
Date: Mon, 10 Dec 2007 01:21:56 +0000 (GMT) 
Well, did you mean Reverse-DNS? I guess Reverse-DNS &
SMTP AUTH should resolve both the issues.

Incorporating SSL on SMTP would further ensure that
emails are not stolen over the wire and there is no
identity theft.

I understand that applying SMTP AUTH wouldn't stop two
different domain SMTP servers with MX records like
smtp.xyz.com and smtp.abc.com communicate with each
other on sending or reception of email. I understand
that's what it should be like and that's what we want.


--- "Antonio Augusto (Mancha)" <khaoticmind@gmail.com>
wrote:


SMTPAuth may be the solution for the second case,
but for the first
your best option is a good Antispam. Usually SMTP
will accept any
e-mail coming from anywhere (since there is no way
to identify if the
sender is valid or not).
Antispams can block some of this using technologies
like Domain Keys
(to verify if the e-mail from a@abc.com really came
from teh servers
of abc.com), or grey listing (denying the e-mail at
first and wait for
the server at the other side to retry to send it),
among others.

Cheers,
KM


On Dec 4, 2007 3:50 AM, Clone <c70n3@yahoo.co.in>
wrote:

Hi List,

What is the best solution for blocking email

spoofing

from an SMTP server? I've come across so many

cases

where it is possible to telnet into an SMTP server

and

spoof emails from it. A few of those common

conditions

are:
1. For an xyz.com SMTP server it is possible to

send

emails from x@abc.com to a@xyz.com.
2. For an xyz.com SMTP server it is possible to

send

emails from b@xyz.com to a@xyz.com.

SMTP AUTH looks to be the solution to me. Is there

any

alternative?

Clone


      Explore your hobbies and interests. Go to

http://in.promos.yahoo.com/groups







------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution

FREE today!


http://www.cenzic.com/downloads




------------------------------------------------------------------------







-- 
Informação & Segurança - Informações para sua
segurança na rede.
http://info-seg.blogspot.com





      Bring your gang together - do your thing. Go to 
http://in.promos.yahoo.com/groups


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [tool] Announcing dradis, daniel martin gomez
Next by Date:  Re: [Full-disclosure] The Cookie Tools v0.3 -- first public release, coderman
Previous by Thread:  Re: SMTP Pen Test, Shreyas Zare
Next by Thread:  RE: Symantec SGS Gateway Firewall DoS vulnerability, Clone
Indexes:  [Date] [Thread] [Top] [All Lists]