email spoofing
Scott Silva
ssilva at sgvwater.com
Wed Jun 13 23:20:42 IST 2007
Ivan Arteaga spake the following on 6/13/2007 3:12 PM:
> I tried both from internal and external network. Same behavior.
>
> --Ivan.
>
>> Hello list,
>>
>>
>>
>> This is not exactly a MS related issue but mta related, anyway I’ll post
>> it here and u guys let me know what to do..
>>
>> When I telnet port 25 in some sendmail servers (all I tried) also
>> postfix and even ms exchange I can send mails with no authentication
>> (using smtp commands), all the cases internal mails but also can relay
>> to external accounts. In both cases I can send mails via mail client
>> (outlook, Eudora etc.) just defining the account and leaving blank the
>> password field, even if I have to authenticate the users in order to
>> send email.
>>
>> Had anyone else see this kinda behavior? It is the default normal
>> behavior or it is a bug? I will appreciate your comments.
>>
> are you trying this from an ip address on your network, or from outside?
> Internal addresses on your subnet usually will bypass auth (at least in sendmail).
>
Have you tried with both the from and to addresses not being from your domain?
This is typical of tests for open relays.
Look at this page;
http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:relay
and maybe this;
http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list