email spoofing

Scott Silva ssilva at
Wed Jun 13 23:20:42 IST 2007

Ivan Arteaga spake the following on 6/13/2007 3:12 PM:
> I tried both from internal and external network. Same behavior.
> --Ivan. 
>> Hello list,
>> This is not exactly a MS related issue but mta related, anyway I’ll post
>> it here and u guys let me know what to do..
>> When I telnet port 25 in some sendmail servers (all  I tried) also
>> postfix and even ms exchange I can send mails with no authentication
>> (using smtp commands), all the cases internal mails but also can relay
>> to external accounts. In both cases I can send mails via mail client
>> (outlook, Eudora etc.) just defining the account and leaving blank the
>> password field, even if I have to authenticate the users in order to
>> send email.
>> Had anyone else see this kinda behavior? It is the default normal
>> behavior or it is a bug? I will appreciate your comments.
> are you trying this from an ip address on your network, or from outside?
> Internal addresses on your subnet usually will bypass auth (at least in sendmail).
Have you tried with both the from and to addresses not being from your domain?
This is typical of tests for open relays.
Look at this page;

and maybe this;


MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list