Re: SMTP Pen Test

From: Shreyas Zare (shreyas@technitium.com)
Date: Fri Dec 07 2007 - 09:25:02 EST

• Next message: announcements@webappsec.org: "WASC Announcement: The Script Mapping Project Results and Call for Participation"
• Previous message: Rajesh A.: "Re: Unicornscan - New Version (0.4.7) Released"
• In reply to: Clone: "SMTP Pen Test"
• Next in thread: Clone: "Re: SMTP Pen Test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

You cannot use SMTP AUTH on an MX server for obvious reasons. One of
the good way would be implementing Sender Policy Framework (SPF) on
your server and your company domain. Secondly use a good DNSBL.

Regards,

On 12/4/07, Clone <c70n3@yahoo.co.in> wrote:
> Hi List,
>
> What is the best solution for blocking email spoofing
> from an SMTP server? I've come across so many cases
> where it is possible to telnet into an SMTP server and
> spoof emails from it. A few of those common conditions
> are:
> 1. For an xyz.com SMTP server it is possible to send
> emails from x@abc.com to a@xyz.com.
> 2. For an xyz.com SMTP server it is possible to send
> emails from b@xyz.com to a@xyz.com.
>
> SMTP AUTH looks to be the solution to me. Is there any
> alternative?
>
> Clone
>
>
> Explore your hobbies and interests. Go to http://in.promos.yahoo.com/groups
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

-- 
("Computers are useless. They can only give you answers." - Pablo Picasso)
Shreyas Zare
Co-Founder, Technitium
eMail: shreyas@technitium.com
..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam@technitium.com
Technitium Personal Computers
We believe in quality.
Visit http://pc.technitium.com for details.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: announcements@webappsec.org: "WASC Announcement: The Script Mapping Project Results and Call for Participation"
• Previous message: Rajesh A.: "Re: Unicornscan - New Version (0.4.7) Released"
• In reply to: Clone: "SMTP Pen Test"
• Next in thread: Clone: "Re: SMTP Pen Test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT