Penetration Testing
Mail Relay / Open Mail Replay Oct 02 2011 06:25PM
informationhacker08 (informationhacker08 gmail com) (4 replies)
Re: Mail Relay / Open Mail Replay Oct 02 2011 07:44PM
Andy Meyers (andy meyers hushmail com)
Re: Mail Relay / Open Mail Replay Oct 02 2011 07:39PM
Michal Zalewski (lcamtuf coredump cx)
Re: Mail Relay / Open Mail Replay Oct 02 2011 07:33PM
Voulnet (voulnet gmail com)
Re: Mail Relay / Open Mail Replay Oct 02 2011 07:33PM
haZard0us (hazard0us pt gmail com)
On 02-10-2011 19:25, informationhacker08 wrote:
> Suppose there is Mail server having port 25 open xyz.com
> an attacker login on Mail server through telnet and then try to send the
> mail but the he can
> only send a mail within the xyz company not outside ..so this will be
> consider as Vulnerability or not
>
> eg. telnet xyz.com
> mail from:<dddd (at) ddddd (dot) com [email concealed]>
> mail rcpt :<vbn (at) xyz (dot) com [email concealed]>--->only within the network not outside realying
> the mail
>

In my humble opinion, i think that it is.

Because if he can access your mail server, he can send mails pretending
whoever he wants to be. Social Engineering attacks work like these.

This is my humble opinion, since i'm still a "new kid on the block".

-haZ

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus