Pau Lo
asked on
Outlook relaying
How can I test whether my exchange server allows me to spoof who I am sending from. I.e. if my actuall acct is aaa@mydomain.com, I want to test whether I can spoof this to appear to be sent as bbb@mydomain.com. I have read on here it's possibly acheivable within your LAN, obvs not outside the LAN. How can I test this, I found this Q&A a while back but it doesnt describe how to test it
https://www.experts-exchange.com/questions/21752818/Email-spoofing.html
https://www.experts-exchange.com/questions/21752818/Email-spoofing.html
ASKER
Could not open connection to the host, on port 25
Does that mean we are secured from this sort of activity?
Does that mean we are secured from this sort of activity?
Are you using the internal (private) IP address of the SMTP mail server?
ASKER
How can I get the internal IP of the SMTP Server.
I was using http://centralops.net/co/DomainDossier.aspx
I was using mail.xxx.mydomain.uk
I was using http://centralops.net/co/DomainDossier.aspx
I was using mail.xxx.mydomain.uk
That won't give you your internal IP address. You need internal knowledge of your system.
If it's a small setup, then the SMTP server is probably the same server as your Exchange server. So, you could try your Exchange server IP address.
In Outlook (This is how my Outlook 2003 goes) from the main Outlook window, Tools, E-mail Accounts..., View/Change existing e-mail accounts, Click on Microsoft Echange Server, click on Change..., the exchange server name should be highlighted - press Ctrl-C to get it into the clipboard. you can use this full name in the telnet session, or ping the name to find its IP address - then use that.
If it's a small setup, then the SMTP server is probably the same server as your Exchange server. So, you could try your Exchange server IP address.
In Outlook (This is how my Outlook 2003 goes) from the main Outlook window, Tools, E-mail Accounts..., View/Change existing e-mail accounts, Click on Microsoft Echange Server, click on Change..., the exchange server name should be highlighted - press Ctrl-C to get it into the clipboard. you can use this full name in the telnet session, or ping the name to find its IP address - then use that.
ASKER
Got the IP of the exchange server, and still get the exact same message.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes the default for all email is SMTP, I will see if I can get assurances from the sys admin
You can always try SMTP from outside the network, e.g. home DSL, connecting to the public address. Use the tool you mentioned above (http://centralops.net/co/DomainDossier.aspx) to get the DNS Records, try the telnet test on every single one of the MX records.
From a command prompt:-
TELNET x.x.x.x 25
helo mydomain.com
mail from: bbb@mydomain.com
rcpt to: aaa@mydomain.com
data
Subject: Hello, this is a test e-mail (Subject)
Hello, this is a test e-mail (body)
.
quit
Note the dot on the line by itself before the quit command - the dot has to be by itself on it's own line. This tells the SMTP server that this is the end of the message.
Also, note the Blank line after the subject, the balnk line is required to separate the e-mail headers from the e-mail body.
Response codes are generally; 400 series means good/positive response, 500 series are bad/negative response - read the text that goes along with the message code.
Also, note that you may need to turn on local echo and 'newline with carriage return' with older Windows OS TELNET programs.