Scribd
Upload
22 views

How To Send Fake Mail Using SMTP Servers

Uploaded by

itdepsetec
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
22 views

How To Send Fake Mail Using SMTP Servers

Uploaded by

itdepsetec
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

How to Send Fake Mail Using SMTP Servers

Anti Virus Section | Articles & Tutorials | Authors | Books | Email Security Test | Event Log Scan | Links |
Newsletter | Security FAQs | Software | Security Library

Site Search
Anti Virus Section
How to Send Fake Mail Using
Articles & Tutorials
SMTP Servers
By Authors Date: Oct 16, 2002 Detailed description
By Topics Section: Misc
Author: Admin
Authors Company: WindowSecurity.com
Robert J. Shimonski
Deb Shinder Rating: 3.7/5 - 38 Votes
Ricky M. Magalhaes
Thomas Shinder 1 2 3 4 5
Ray Zadjmool Rate this article
Dancho Danchev
Johannes Helmig How to Send Fake Mail Using SMTP Servers
William Henderson
By Hunter
Email Security Test [email protected]
---------------------------------------------------------------------------
Event Log Scan Overview
SMTP (Simple Mail Transfer Protocol) is the protocol by which Internet
IDS FAQ mail
Links is sent. SMTP servers use this protocol to communicate with other
servers
Newsletter Signup or mail clients. However, by telneting directly to a mail server and
manually speaking SMTP, one can easily send mail from any address
Security FAQs specified
- meaning that mail can be sent from fake addresses while the sender's
Intrusion Detection
real
Trojans address is untraceable.
Software
What is Needed?
Anti Virus All that you need is a generic telnet client. Local echo should be
Authentication / Smart cards turned
Email Anti-Virus on so you can see what you type. Also, it is important to note that SMTP
Email Content Security servers do not handle backspaces, so you must type everything correctly.
Email Encryption
Event Log Monitoring How do I Start?
Telnet to port 25 of your target SMTP server (more on SMTP servers
File integrity checkers
selection below). The server should respond with a generic welcome
Firewall security log analyzers
message.
Firewalls You will type HELO domain.name. Use any domain name you wish as most
Intrusion Detection servers do not check the name against the IP you are telneting from.
Misc. Network Security Tools Type
Network Auditing MAIL FROM: . This is where the message will appear to be
Patch Management from. Next, type RCPT TO: . This specifies who will
Security Scanners
receive the message. Type DATA and type the body of your message. To
send
VPNs
the message, enter a line with only a period. Type QUIT to disconnect.
Web content security

http://www.secinf.net/misc/How_to_Send_Fake_Mail_Using_SMTP_Servers.html (1 of 5)3/21/2004 12:19:11 PM


How to Send Fake Mail Using SMTP Servers

Security Library Sample Session

Anti Spam 220 hq.af.mil Sendmail 4.1/Mork-1.0 ready at Thu, 14 Mar 96 00:26:46 EST
Anti Virus HELO prometheus.com
Auditing 250 hq.af.mil Hello prometheus.com (prometheus.com), pleased to meet you
Auth. & Access Control MAIL FROM:
Content Management 250 ... Sender ok
Cryptography
RCPT TO:
250 ... Recipient ok
Disaster Recovery
DATA
Firewalls & VPN's 354 Enter mail, end with "." on a line by itself
Forensics This is the body of my message.
Harmless hacking book .
Honeypots 250 Mail accepted
Information Warfare QUIT
Intrusion Detection 221 hq.af.mil delivering mail
Law
What about message subjects?
Managed Security Solutions The subject, date, to, etc. are part of the DATA area. After the DATA
Misc command, start with date and continue is the fashion illustrated by the
Mobile Code example code below. Make sure there are no mistakes, because the first
NCSC&DoD Rainbow series mistake will cause the data to appear in the body of the message, not
NetWare header. It is interesting, because these fields take precedence over the
Patch Management MAIL FROM: and RCPT TO: when displaying. A message can be routed to a
person even though the message itself appears to be addressed to someone
Policy & Standards
else. The key is to type VERY carefully.
Privacy
Software Engineering Example:
Trojans DATA
Underground Date: 23 Oct 81 11:22:33
Unix Security From: [email protected]
Web Security To: [email protected]
Windows Security
Subject: Mail System Problem

Sorry JOE, your message to [email protected] lost.


Featured product HOSTZ.ARPA said this:
.
End Example

Can my mail be traced?


Yes, the IP address you mailed from can be traced if you are not
careful.
All mail will show a line in the header listing the IP address that you
Recommended links originally telneted from. If the person you are sending mail to doesn't
know much about IP's and the like, you shouldn't worry too much.
Furthermore, depending on your the nature of your connection, there are
different implications. For instance, if you have a direct connection,
you
can be easily traced by your IP address. On the other hand, if you have
a
dial-in connection or service such as AOL, you will not have a defined
IP
address. You will be assigned a temporary one. The only way your mail
can
be traced with this type of connection is to check against the dial in
service's system logs. The take-home message is that you are safe with this
type of connection unless you do something really stupid. Finally, the best
case scenario is a public access terminal with no logging. This type
connection is untraceable.
Author's Note: I have found some servers that don't log IP. Read No IP SMTP
Server

What SMTP servers can I use?

http://www.secinf.net/misc/How_to_Send_Fake_Mail_Using_SMTP_Servers.html (2 of 5)3/21/2004 12:19:11 PM


How to Send Fake Mail Using SMTP Servers

An easy (but hit-or-miss) way to find random SMTP servers is to look at web
addresses on Yahoo! or another search engine. Universities and government
agencies are always good choices. Find a URL and telnet to port 25. If you
get a response, you have located an available server. 95% of servers will
accept your mail. The others will not allow external mail forwarding for
security reasons. Always test the server first.

OR

Check Hunter's List of Usable SMTP Servers. All servers on this list have
been tested and will work. A hyptertext interface makes it easy to use the
servers.
---------------------------------------------------------------------------

Apocalypse 95

Last revision: 3.15.96


Mail to: [email protected]
Hunter's List of SMTP Servers

By Hunter
[email protected]
---------------------------------------------------------------------------
Note: There is no guarantee that the administrators of these servers will
be happy if you use the servers. I am only acknowledging the existence of
these servers. For a server that doesn't stamp your IP on the message
header, read No IP SMTP Server

If you have a telnet client set up as a helper app to your web browser,
simply click on the name of a server to use the server for direct mail.
Some links may be slow.

centerof.thesphere.com
misl.mcp.com
jeflin.tju.edu
arl-mail-svc-1.compuserve.com
alcor.unm.edu
mail-server.dk-online.dk
lonepeak.vii.com
burger.letters.com
aldus.northnet.org
netspace.org
mcl.ucsb.edu
wam.umd.edu
atlanta.com
elmer.anders.com
venus.earthlink.net
urvax.urich.edu
vax1.acs.jmu.edu
loyola.edu
cornell.edu
brassie.golf.com
quartz.ebay.gnn.com
acad.bryant.edu
palette.wcupa.edu
utrcgw.utc.com
umassd.edu
trilogy.usa.com
mit.edu
corp-bbn.infoseek.com
vaxa.stevens-tech.edu
ativan.tiac.net

http://www.secinf.net/misc/How_to_Send_Fake_Mail_Using_SMTP_Servers.html (3 of 5)3/21/2004 12:19:11 PM


How to Send Fake Mail Using SMTP Servers

miami.linkstar.com
wheel.dcn.davis.ca.us
kroner.ucdavis.edu
ccshst01.cs.uoguelph.ca
server.iadfw.net
valley.net
grove.ufl.edu
cps1.starwell.com
unix.newnorth.net
mail2.sas.upenn.edu
nss2.cc.lehigh.edu
pentagon.mil
blackbird.afit.af.mil
denise.dyess.af.mil
cs1.langley.af.mil
wpgate.hqpacaf.af.mil
www.hickam.af.mil
wpgate.misawa.af.mil
guam.andersen.af.mil
dgis.dtic.dla.mil
www.acc.af.mil
redstone.army.mil

---------------------------------------------------------------------------

Apocalypse 95

Last revison: 3.30.96


Mail to: [email protected]
Mail Servers with No IP Logging

Number of Servers that have updated Sendmail versions due to my list

---------------------------------------------------------------------------
When I wrote How to Send Fake Mail Using SMTP Servers, I said that your
messages are traceable by your IP address (it will always be stamped in the
header). Well, slowly, I am finding systems that don't append your IP to
the message. You can send messages through this servers, using the
techniques I described in my SMTP fakemail tutorial, and they are totally
untraceable. If you have a telnet client set as a helper app to your
broweser, all you have to do is click on the link below, and you will be
connected to the respective SMTP server.

DO NOT DO ANYTHING REALLY STUPID WITH THESE SERVERS. If a server was posted
on this list, but isn't now, don't use it! Don't say that I didn't warn
you.

cvo.oneworld.com
www.marist.chi.il.us
bi-node.zerberus.de
underground.net
alcor.unm.edu
venus.earthlink.net
mail.airmail.net
---------------------------------------------------------------------------

Apocalypse 95

---------------------------------------------------------------------------
How to find your own IP-Less Severs:
Finding your own servers that do not append IP to message headers is a
relatively easy process if you know what to look for. There are many SMTP
server programs out there. Sometimes you will hit an odd system with an

http://www.secinf.net/misc/How_to_Send_Fake_Mail_Using_SMTP_Servers.html (4 of 5)3/21/2004 12:19:11 PM


How to Send Fake Mail Using SMTP Servers

unusual server program that you can test by hand. However, the easiest way
it to look for the more common ones. By far, the easiest to look for is a
certain older Sendmail version that many systems still use. To find it,
connect with a server as usual. Examine the welcome text. You are looking
for a line that looks like the following:
220 xxxx.xxxx.xxx Smail3.1.29.1 #15 ready at Mon, 10 Jan 96 12:34 EDT

The important part is the Smail3.1.29.1. If you find a server with this
number, 3.1.29.1, or another 3.x.x.x number, you have what you are looking
for.

---------------------------------------------------------------------------
Last Revision: 4.21.96
[email protected]
Rating: 3.7/5 - 38 Votes

1 2 3 4 5
Rate this article

Featured Links*

- Freeware Ver. - Automatic network & server monitoring made


easy with GFI Network Server Monitor!

- Free AntiVirus for your mail server. 1 anti-virus engine


completely free! - GFI MailSecurity - Dld Today!

Join our mailing list!


Enter your email below,
then click the "join list" button

Anti Virus Section | Articles & Tutorials | Authors | Books | Email Security Test | Event Log Scan | Links |
Newsletter | Security FAQs | Software | Security Library
About Us : Email Us : Product Submission Form : Advertising Information
WindowSecurity.com is in no way affiliated with Microsoft Corp. *Links are sponsored by advertisers.
Copyright © 2004 Internet Software Marketing Ltd. All rights reserved.

http://www.secinf.net/misc/How_to_Send_Fake_Mail_Using_SMTP_Servers.html (5 of 5)3/21/2004 12:19:11 PM

You might also like