Subject: [ActiveDir] SMTP Flaw - Exchange
coolandynet

Posts:17

01/09/2009 1:16 AM  
Hi All,

I am a newbie, and I am curious to understand the mystery behind the behavior below.

I have configured a POP3/SMTP profile in Outlook with a fake email ID,
abc@abc.com, and I am providing my actual credentials in the advanced options.
With this configuration I am able to send mail. The mail I received has the
fake ID in FROM.

By doing this anybody can send mail with a fake ID, though it is traceable ...
Can anybody please tell me how this is working, and how to block this
in the domain?


--
Cheers,

Andy
Success is always Demanding.

deji

Posts:242

01/09/2009 1:34 AM  
Try it again without providing your actual credentials. If it works, then you've discovered a great flaw. If it doesn't, then you've discovered the design of POP/SMTP.


Sincerely,
www.akomolafe.name <http://www.akomolafe.name/> - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
coolandynet

Posts:17

01/09/2009 2:01 AM  
Hi Deji,

What you are saying is right.

My concern is, if POP3/SMTP is enabled for a user, then he is able to send mail from any user of the organization to any user, like the CEO also. Then how are we going to trace it?

If it's by design then what to say...
deji

Posts:242

01/09/2009 2:09 AM  
You can "trace" emails by inspecting the headers or looking at the server logs.


Sincerely,
www.akomolafe.name <http://www.akomolafe.name/> - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
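
The header-and-log tracing mentioned in the reply above, as an added example that is not part of the original thread: it finds the hop where the client connected to the organisation's own server and matches it to the account that authenticated for that session. The server names, the sample message and the session-record layout are constructed assumptions; real server logs use their own format.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

TRUSTED = {"mx.example.org", "mail.example.org"}  # assumed names of our own servers

# Constructed message as delivered to the recipient (newest Received line first).
RAW = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.org with ESMTP id 4F2A1; Fri, 9 Jan 2009 01:12:40 +0530
Received: from ANDY-PC ([10.1.20.57])
\tby mail.example.org with ESMTPA id 9C31B; Fri, 9 Jan 2009 01:12:38 +0530
From: "Some One" <abc@abc.com>
To: user@example.org

body
"""

# Constructed, simplified records of authenticated SMTP sessions (not a real log format).
SESSIONS = [
    {"time": "Fri, 9 Jan 2009 01:05:02 +0530", "ip": "10.1.20.31", "user": "priya"},
    {"time": "Fri, 9 Jan 2009 01:12:38 +0530", "ip": "10.1.20.57", "user": "andy"},
]

HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)")

def submission_hop(raw):
    """Oldest Received line stamped by a trusted server: where the client connected."""
    msg = message_from_string(raw)
    hop = None
    for value in msg.get_all("Received", []):        # newest first
        line = " ".join(value.split())               # unfold continuation lines
        m = HOP.search(line)
        if not m or m.group(3).lower() not in TRUSTED or ";" not in line:
            break                                    # below this point the sender controls the text
        when = parsedate_to_datetime(line.rsplit(";", 1)[1].strip())
        hop = {"helo": m.group(1), "ip": m.group(2), "when": when}
    return parseaddr(msg.get("From", ""))[1], hop

def attribute(raw, sessions, window_s=120):
    """Map the visible From address to the account that authenticated for that session."""
    from_addr, hop = submission_hop(raw)
    if hop is None:
        return {"from": from_addr, "ip": None, "user": None}
    for s in sessions:
        gap = abs((parsedate_to_datetime(s["time"]) - hop["when"]).total_seconds())
        if s["ip"] == hop["ip"] and gap <= window_s:
            return {"from": from_addr, "ip": hop["ip"], "user": s["user"]}
    return {"from": from_addr, "ip": hop["ip"], "user": None}
```

The From value is reported only as what the recipient sees; the attribution rests on the client IP and time stamped by the trusted server and on the authenticated session in the server's own records.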