7. Swamp your email
Posted on 12 May 2008 at 15:06
Can spammers use your email server, through the miracle of open relaying, to deliver junk mail or host malware, leaving you to take the flak? If you have security software installed the answer should be "no" because, as Jaime Lyndon A Janeza points out, this will also "act as email proxies and hook into the mailing process to ensure your system isn't being used to relay spam".
Nevertheless, he says it's worth testing this theory with the open relay test from SpamHelp (www.spamhelp.org/shopenrelay). Meanwhile, John Safa points us towards a simple relay test at MXToolbox (www.mxtoolbox.com/diagnostic.aspx), which will connect to a mail server via SMTP, perform an open relay test and verify that the server has a reverse DNS record. It also tests response times for the mail server and, if you know your domain but not the mail server address, it will even do an MX lookup.
If you prefer not to involve third-party testing facilities, ethical hacker Tony Fogerty suggests connecting to mail server SMTP service on TCP port 25 using a Telnet or Netcat client and sending email to your own account with the following code, where "IP" is the IP address of the server:
telnet IP 25
helo
mail from
rcpt to
enter message here, followed by a full stop on a new line
.
Also, check whether your email server divulges your internal users by supporting the EXPN and VRFY commands (for example, VRFY administrator -> admin@example.org):
' telnet
help - does it show EXPN / VRFY to be supported?
EXPN administrator
VRFY admin'
Finally, check if it's possible to send a spoofed email through the email server. For example, SMTP server for domain "example.org" receives an external email from john.smith@example.org. Does your email server drop this email? It should do.
Author: Davey Winder
advertisement
- Q&A: Why Conficker was a victim of its own success
- App developers losing faith in Android
- Biz Stone: Murdoch's Google veto will "fail fast"
- Google adds automatic captions to YouTube
- China ramps up cyber spying
- Mozilla maintains dependence on Google
- Windows 7 flying off the shelves
- Google Chrome OS: full details unveiled
- AOL slashes 2,500 jobs
- YouTube begins streaming full-length shows
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Microsoft Word 2010 screenshots: Text Effects
- Microsoft Word 2010: inserting screenshots
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
Printed from www.pcpro.co.uk

