Insecure SMTP…

December 5th, 2005

hi!!

You may know about SMTP, the Simple Mail Transfer Protocol. SMTP is responsible for transferring mail from one server to another. Suppose you want to send a mail from Yahoo Mail to Gmail: the Yahoo server sends the mail to the Google server through SMTP. For the details of the SMTP specification, refer to RFC 2821 at ietf.org.

Coming back: when a mail is about to be sent, a host called the “Mail Exchanger (MX)” is contacted, which relays the mail to the destination. The mail exchanger listens on the default SMTP port (25). This MX can be contacted directly, bypassing the usual web interface (that we are used to), and thus anonymous mails can be sent!!! Sounds dangerous?? Read on….

For example, let’s take a fictitious website called http://www.abcdefghij.com/ and let’s assume it has an MX. On Linux, we use the dig command (I don’t know the Windows equivalent) to retrieve the MX record of a website. On issuing the command at the terminal,

dig abcdefghij.com mx

a list of hostnames pops up as the result. Look for “;; ANSWER SECTION”. At the end of the line, there will be a hostname which is the mail exchanger. Of course, a website may have many MX records.

Now we have to connect using telnet to port 25, the standard SMTP port, at any of the MXs.

telnet mx1.abcdefghij.com 25

Your output should look similar to
Connected to mx1.abcdefghij.com
Escape character is ‘^]’.
220

For each command line you type, you will get a response. Normally, an email will have a from address, a to address, a subject and content. Issue the next commands as follows.

MAIL FROM:<xyz@abcdefghij.com>
503 // Server output
RCPT TO:<abc@abcdefghij.com> // The angular brackets are mandatory
503
DATA
503
Subject: this is subject // A blank line is a must after this line

this is the content
. // ‘.’ (dot) signifies content end
QUIT
221 mx1.abcdefghij.com
Connection closed by foreign host

Your mail will be sent now. Almost no servers will support foreign relaying. That is, if you want to use the MX of Yahoo, the ‘MAIL FROM’ should have an email address ending in yahoo.com or something that the Yahoo servers support. The ‘RCPT TO’ can be any valid email address. Have a look at http://www.yuki-onna.co.uk/email/smtp.html for a detailed explanation of sending mails using SMTP and the terminal.

Why is this insecure??
It allows emails to be sent without logging in. Only the domain of the FROM address is checked to see whether it is legal for relaying. Even then, the email address itself is not verified. Therefore, unscrupulous spamming is a possibility. Connecting through normal SMTP offers a bit of security because the email address is verified for its existence.
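From the mail administrator's side, the weakness described above can be checked for in session logs. The following is an added example, not part of the original post: it flags a session in which a message with a local-domain MAIL FROM was accepted without a successful AUTH. The "C:"/"S:" transcript format, the sample sessions, the single-line replies and the names LOCAL_DOMAINS and audit_session are assumptions made for illustration.

```python
import re

LOCAL_DOMAINS = {"abcdefghij.com"}  # assumption: domains this MX accepts as sender

# Constructed transcripts ("C:" client line, "S:" server reply), not real server logs.
SPOOFED = """S: 220 mx1.abcdefghij.com
C: EHLO client.example
S: 250 mx1.abcdefghij.com
C: MAIL FROM:<xyz@abcdefghij.com>
S: 250 OK
C: RCPT TO:<abc@abcdefghij.com>
S: 250 OK
C: DATA
S: 354 Go ahead
C: Subject: this is subject
C:
C: this is the content
C: .
S: 250 Queued"""
AUTHED = SPOOFED.replace("C: MAIL", "C: AUTH PLAIN (elided)\nS: 235 OK\nC: MAIL", 1)
REJECTED = SPOOFED.split("\nC: RCPT")[0].replace("250 OK", "530 Authentication required")

def audit_session(transcript, local_domains=LOCAL_DOMAINS):
    """Return the sender domain if a message claiming a local sender was
    accepted without a successful AUTH; otherwise return None."""
    authed = in_data = accepted = False
    sender = pending = None
    for line in transcript.splitlines():
        side, _, text = line.partition(":")
        text = text.strip()
        if side == "C" and in_data:          # message body: only "." matters
            if text == ".":
                in_data, pending = False, "EOM"
        elif side == "C":                    # remember which command awaits a reply
            m = re.match(r"MAIL FROM:\s*<[^>@]*@([^>]+)>", text, re.I)
            pending = ("MAIL", m.group(1).lower()) if m else text.split(" ")[0].upper()
        elif side == "S":                    # 2xx/3xx = accepted, 4xx/5xx = refused
            code = text[:3]
            if pending == "AUTH" and code == "235":
                authed = True
            elif isinstance(pending, tuple) and code.startswith("2"):
                sender = pending[1]
            elif pending == "DATA" and code == "354":
                in_data = True
            elif pending == "EOM" and code.startswith("2"):
                accepted = True
            pending = None
    return sender if accepted and not authed and sender in local_domains else None
```

A server that answers MAIL FROM with a refusal such as 530 until the client has authenticated produces no finding, which is the behaviour to aim for on a submission service.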

Hope this helped a bit…..bye!!~~
