Mailinglist Archive: opensuse (2112 mails)
Re: Email Security question: Hijacked email !!! was: [opensuse] Vista
- From: "Amedee Van Gasse" <amedee@xxxxxxxxx>
- Date: Fri, 8 Aug 2008 17:09:25 +0200 (CEST)
- Message-id: <44970.193.121.250.194.1218208165.squirrel@xxxxxxxxxxxxxxxx>
On Fri, August 8, 2008 15:55, Alexey Eremenko wrote:
> Strictly speaking, openSUSE mailing list is also spoofing email
> addresses as I receive something like:
> from Amedee Van Gasse <amedee@xxxxxxxxx>
> to opensuse@xxxxxxxxxxxx
> While in reality I should receive something like:
> from opensuse@xxxxxxxxxxxx
> to al4321@xxxxxxxxx
> You understand ?

Of course.

> What reasons ?
> If so, maybe we can use reverse DNS and compare that to the email
> header "From: " address ?
> No. There are legitimate reasons why the IP address won't match the
> header "From: " address.

You just gave one, a few lines up. ;-)

> Well, some professional can even send email from command-line,
> effectively converting the PC into email client.
> Unfortunately I can only use email-clients like Thunderbird or webmail.

I'm just an amateur!
But sending email from command-line is a piece of cake.

First you have to find out which mailserver you have to contact. You do
this with "dig <domain> mx", for example

$ dig opensuse.org mx

The MX records point to the mailservers of a domain.
In case of opensuse.org, you get two answers:

;; ANSWER SECTION:
opensuse.org. 300 IN MX 42 mx1.suse.de.
opensuse.org. 300 IN MX 42 mx2.suse.de.

The number 42 is the priority. Sensible mailservers start with the server
with the lowest number, and if they cannot contact it, they take the next
one. In this case both servers have equal priorities. It's a kind of load
balancing.

Spammers OTOH usually abuse the server with the highest number. This is
often a backup server somewhere at a remote location that just forwards
mail to the main mailserver, and everybody forgets to update the backup
server.

Now that you know the mailserver, you are ready to send your email:

$ telnet mx2.suse.de 25

(port 25 is the default SMTP port)
The server shows a banner:

Trying 195.135.220.15...
Connected to mx2.suse.de.
Escape character is '^]'.
220 mx2.suse.de ESMTP Postfix (2.1.1)

You are polite and say hel(l)o to the server:

HELO spammer.com
250 mx2.suse.de

Lines starting with 250 are replies from the suse mailserver, saying
everything is OK.

Now we start sending email. First we say who it is from:

MAIL FROM: badboy@xxxxxxxxxxx
250 Ok

And who is the intended recipient:

RCPT TO: opensuse@xxxxxxxxxxxx
250 Ok

This is all you need, now you send the data part of the mail:

DATA
354 End data with <CR><LF>.<CR><LF>

The mailserver tells you how you can say you reached the end of an email.
First you type the mailheaders, followed by a blank line, followed by the
body of the mail, and then you close with a dot on a single line.

From: al4321@xxxxxxxxx
To: opensuse@xxxxxxxxxxxx
Subject: Sending email with telnet on port 25
X-Yet-Another-Header: nothing to see, move along

This is a test. I am sending this email with telnet on port 25.
It may or may not arrive, depending on the spamfilter used by Suse.
Have fun,
Amedee, pretending to be someone else
.
250 Ok: queued as 8639A45AF2

The message is accepted by Suse, now we break the connection:

QUIT
221 Bye
Connection closed by foreign host.

That's all!

To recapitulate:

dig example.com mx
telnet mail.example.com 25
HELO your.servername
MAIL FROM: your address
RCPT TO: somebody@xxxxxxxxxxx
DATA
Email headers
Email body
.
QUIT

Cheers,
Amedee.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
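
Added example, not part of the original message: a receiver-side check that pulls the three sender identities out of one SMTP session (HELO name, envelope MAIL FROM, header From:) and reports which ones disagree with the header From: domain. The transcripts, the .example domains and the function names are constructed for illustration; the archive redacts the real addresses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed client-side SMTP lines modelled on the session in the message (placeholder domains).
FORGED = """HELO spammer.example
MAIL FROM: badboy@bulk.example
RCPT TO: list@lists.example
DATA
From: al4321@mail.example
To: list@lists.example
Subject: Sending email with telnet on port 25

This is a test.
.
QUIT
"""
# Constructed list relay: the envelope belongs to the list, the header to the author.
RELAYED = (FORGED.replace("spammer.example", "lists.example")
           .replace("badboy@bulk.example", "<list-bounces@lists.example>")
           .replace("al4321@mail.example", "Author <author@mail.example>"))

def domain(addr):
    """Lower-cased domain part of an address, or the hostname itself."""
    return addr.rpartition("@")[2].lower()

def identities(transcript):
    """Return the sender identities a receiving server sees in one session."""
    lines = transcript.splitlines()
    cut = next(i for i, l in enumerate(lines) if l.strip().upper() == "DATA")
    ids = {}
    for line in lines[:cut]:                      # envelope commands before DATA
        m = re.match(r"(?i)(HELO|EHLO|MAIL FROM:|RCPT TO:)\s*<?([^>\s]+)", line)
        if m:
            ids[m.group(1).upper().rstrip(":")] = m.group(2)
    body = []
    for line in lines[cut + 1:]:
        if line == ".":                           # a lone dot ends the DATA section
            break
        body.append(line[1:] if line.startswith(".") else line)  # undo dot-stuffing
    msg = message_from_string("\n".join(body))
    ids["HEADER FROM"] = parseaddr(msg.get("From", ""))[1]
    return ids

def mismatches(transcript):
    """Names of identities whose domain differs from the header From: domain."""
    ids = identities(transcript)
    shown = domain(ids["HEADER FROM"])
    return sorted(k for k in ("HELO", "EHLO", "MAIL FROM") if k in ids and domain(ids[k]) != shown)
```

Both constructed sessions produce the same mismatch list, so a bare comparison of the header From: against the connecting identities cannot tell a forged session from a mailing-list relay.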