Understanding SMTP -
The Simple Mail Transport Protocol is definitely the most widely used protocol for sending electronic mail. Email uses whats known as a store and forward system. When SMTP is used for outgoing mail it sends it though a nearby SMTP server. The server looks at the address to check if its for it's own domain, if it is it keeps the mail, otherwise it will forward the mail on until it reaches its destination. Email wasn't designed with security in mind. In fact email was originally designed to allow for anonymous communication. Not only that communications using SMTP are sent in clear text so they are susceptible to eavesdropping.
The two elements of SMTP are the Sender-SMTP and Receiver-SMTP processes. The Sender-SMTP element is the client application and the Receiver-SMTP element is the server application. The Sender-SMTP process initiates the communication over port 25. Once the sender and receiver are connected the Receiver-SMTP process will send a 220 code saying that the TCP connection is established and it is ready to accept data from the client.
Some SMTP commands that you will most likely find helpful:
HELO – Starts the SMTP session
EHLO - Starts the SMTP session with support for SMTP mail service extensions
MAIL – Starts the mail transfer and identifies the Sender-SMTP email address
RCPT – Identifies the recipient of the mail
DATA – Starts the mail transfer
RSET – Stops the current mail transaction
HELP – Displays help information
QUIT – Kills the session
Spoofing-
The first thing you must to is open a terminal, either a *nix term or the command prompt from with in Windows. In order to connect to the mail server you must telnet to the mail servers address at port 25 from which you wish to send the mail.
Telnet to the server:
telnet example.mailserver.com 25
You will get a response similar to the one below:
Trying <ip address #>...
Connected to example.mailserver.com
Escape character is '^]'.
220 example.mailserver.com ESMTP <mail server type> <version> <date and time>
Now you need to declare where you are sending the email from to initiate the session:
HELO
or
HELO your_domain_name.com
You will get a response similar to the one below:
250 example.mailserver.com Hello <your ip address>
Now you need to enter the senders email address. This is where you actually “spoof†the address of your choice. You may enter any mail address you wish:
MAIL FROM: spoofed@address.com
You will get a response similar to the one below:
250 spoofed@address.com... Sender ok
Now you enter your targets address who you wish to receive the mail:
RCPT TO: targets@address.com
You will get a response similar to the one below:
250 targets@address.com... Recipient ok
Now you can enter the text you wish the email message to contain:
DATA (press enter)
enter your message now
Once you are completed with your message you can let the mail server know you wish to send it off by typing a single period and pressing enter:
. (press enter)
You will get a response similar to the one below:
250 Message queued for delivery
You may now close the connection to the server:
QUIT
And thats it! Its really that easy. So how do you protect yourself from this type of attack? The best way to secure your electronic messaging is to use software that allows for the following: encryption, decryption, and digital signatures. I recommend the use of PGP. PGP uses asymmetric encryption and allows for you do sign your messages using your private key. This way your recipients can use your public key to decrypt your signature and verify the messages integrity. PGP can be applied to email, data files, instant messaging, and VPNs.
Source
***Note!!!:
This is just a read to get informed on how does it all happen,please do NOT use it! a good email server will embed the ip number from whence you telneted.
(If Mods/Admins find this guide inappropriate please dont hesiate to remove it)
The Simple Mail Transport Protocol is definitely the most widely used protocol for sending electronic mail. Email uses whats known as a store and forward system. When SMTP is used for outgoing mail it sends it though a nearby SMTP server. The server looks at the address to check if its for it's own domain, if it is it keeps the mail, otherwise it will forward the mail on until it reaches its destination. Email wasn't designed with security in mind. In fact email was originally designed to allow for anonymous communication. Not only that communications using SMTP are sent in clear text so they are susceptible to eavesdropping.
The two elements of SMTP are the Sender-SMTP and Receiver-SMTP processes. The Sender-SMTP element is the client application and the Receiver-SMTP element is the server application. The Sender-SMTP process initiates the communication over port 25. Once the sender and receiver are connected the Receiver-SMTP process will send a 220 code saying that the TCP connection is established and it is ready to accept data from the client.
Some SMTP commands that you will most likely find helpful:
HELO – Starts the SMTP session
EHLO - Starts the SMTP session with support for SMTP mail service extensions
MAIL – Starts the mail transfer and identifies the Sender-SMTP email address
RCPT – Identifies the recipient of the mail
DATA – Starts the mail transfer
RSET – Stops the current mail transaction
HELP – Displays help information
QUIT – Kills the session
Spoofing-
The first thing you must to is open a terminal, either a *nix term or the command prompt from with in Windows. In order to connect to the mail server you must telnet to the mail servers address at port 25 from which you wish to send the mail.
Telnet to the server:
telnet example.mailserver.com 25
You will get a response similar to the one below:
Trying <ip address #>...
Connected to example.mailserver.com
Escape character is '^]'.
220 example.mailserver.com ESMTP <mail server type> <version> <date and time>
Now you need to declare where you are sending the email from to initiate the session:
HELO
or
HELO your_domain_name.com
You will get a response similar to the one below:
250 example.mailserver.com Hello <your ip address>
Now you need to enter the senders email address. This is where you actually “spoof†the address of your choice. You may enter any mail address you wish:
MAIL FROM: spoofed@address.com
You will get a response similar to the one below:
250 spoofed@address.com... Sender ok
Now you enter your targets address who you wish to receive the mail:
RCPT TO: targets@address.com
You will get a response similar to the one below:
250 targets@address.com... Recipient ok
Now you can enter the text you wish the email message to contain:
DATA (press enter)
enter your message now
Once you are completed with your message you can let the mail server know you wish to send it off by typing a single period and pressing enter:
. (press enter)
You will get a response similar to the one below:
250 Message queued for delivery
You may now close the connection to the server:
QUIT
And thats it! Its really that easy. So how do you protect yourself from this type of attack? The best way to secure your electronic messaging is to use software that allows for the following: encryption, decryption, and digital signatures. I recommend the use of PGP. PGP uses asymmetric encryption and allows for you do sign your messages using your private key. This way your recipients can use your public key to decrypt your signature and verify the messages integrity. PGP can be applied to email, data files, instant messaging, and VPNs.
Source
***Note!!!:
This is just a read to get informed on how does it all happen,please do NOT use it! a good email server will embed the ip number from whence you telneted.
(If Mods/Admins find this guide inappropriate please dont hesiate to remove it)
hyeah:
