How Improper SMTP Configuration Leads to an Open Relay Attack




Hey everyone, it's LOOPER online. I want to discuss an attack which can be caused by improper configuration of an SMTP server. Basically, what do we do in this attack? We Telnet to the SMTP server on port 25, compose an email from the command prompt, and send it wherever we want, if we know the commands. I will explain it further.

Email spoofing is the delivery of forged emails to recipients. Hackers use these methods to launch attacks such as phishing or spam, or to provide a persistent backdoor that looks like legitimate behavior. Publicly available email servers can be used for a spoofing attack. If you have configured your mail server as an OPEN RELAY, attackers can use it to perform this dangerous email spoofing attack.

An open relay is an SMTP server configured in such a way that it allows a third party to relay (send and receive) email messages that are neither from nor for local users. Such servers are therefore usually targeted by spam senders, who use them to send spoofed emails to victims' inboxes. Finding a vulnerable mail server on a public network with open relay configured is the first task in this kind of email spoofing.




The attacker will try to find the mail server with subdomain enumeration tools like:

  •  Dig
  •  Nslookup 

A more straightforward option is to use a legitimate website like VirusTotal to find the subdomains of a target.

Now my favorite step: how to prevent it :)

Not all SMTP relays will let you send messages; only open relays do. It can be done on closed relays too, but in that case you have to have the auth credentials, or you can brute-force them. You can also prevent this attack by limiting your daily email usage and the static users on that server. You can also limit and set a preferred time for port 25 to be open. Many companies are considering an intelligent agent to overcome this mishap.



LOOPER
