Mail Server problem / query

From: Marc Davison (m_davison@talk21.com)
Date: Wed Apr 13 2005 - 17:44:55 EDT


Hi all, I hope you can help with this. I have been
testing a server for open-relay and found that I could
connect from an external machine and send mails using
a MAIL FROM (the local domain) and a RCPT TO (the
local domain) - now this may seem fine as internal
users will need to send mail to other internal users
but my query is whether there are mail servers which
can be configured to recognise that the connection was
an external address and therefore that the MAIL FROM
address was invalid. E.g. I can send a mail from the CEO
of the company to his own secretary asking her to copy
his hotmail address on all future mails and to the
secretary, this mail seems perfectly valid yet I
(prospective attacker) outside the company may now
receive loads of sensitive mails (assuming the
secretary is the type who doesn't like to query things
and ask questions) - thanks in advance.



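The check asked about above, as an added example that is not part of the original post: a policy function that refuses a local-domain MAIL FROM when the connection comes from an unauthenticated client outside the trusted networks. The domain `example.com`, the trusted ranges, and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed values for illustration; not taken from the original post.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Envelope sender as given on the SMTP command line; ESMTP parameters
# such as SIZE= may follow the closing bracket.
_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)


def sender_domain(mail_from_line):
    """Return the lower-cased sender domain, '' for the null sender <>,
    or None when the command cannot be parsed."""
    m = _MAIL_FROM.match(mail_from_line.strip())
    if not m:
        return None
    addr = m.group(1)
    if addr == "":
        return ""  # null reverse-path, used by bounces
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def check_mail_from(client_ip, mail_from_line, authenticated=False):
    """Return (smtp_code, reason) for the MAIL FROM stage."""
    domain = sender_domain(mail_from_line)
    if domain is None:
        return 501, "malformed MAIL FROM"
    if domain not in LOCAL_DOMAINS:
        return 250, "sender is not in a local domain"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return 250, "local sender from trusted or authenticated client"
    # A local-domain sender arriving from outside without authentication.
    return 550, "local sender domain not accepted from external client"


if __name__ == "__main__":
    # Constructed sample sessions (documentation address ranges).
    print(check_mail_from("203.0.113.5", "MAIL FROM:<ceo@example.com>"))
    print(check_mail_from("10.1.2.3", "MAIL FROM:<ceo@example.com>"))
```

This inspects only the envelope sender; the `From:` header inside the message body is a separate field and is not covered by this check.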

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:19 EDT