Solved

Possible black list for hacking

Posted on 2011-10-18
5
Medium Priority
383 Views
Last Modified: 2013-12-17
Hi all, I find myself in a very bizarre situation.

I write a web application that basically records audits and other information. Now when an audit has been put onto my system it will send an email to three people.

It uses the domain name mail server to forward from the dedicated server where the application is running.

Now I have tested this, and it works. It works on the live site and my development site, but the recipients at the company xyz.com are not receiving emails.

So I ask their IT guy if they have anything that may be blocking it, and received no answer. So I tested the connection myself using the command line interface.

At first I did something wrong. I did not look up their correct preferred MX record and just telnet-ed onto xyz.com 25 (this was my mistake and ended up giving me a red herring to chase). Anyway, it connected and I went through a test case and tried to send an email. The system I had connected to was an Exchange system. The email did not get sent, and I was greeted with a CANNOT RELAY FOR so and so. So (still thinking I was on the right server) I emailed the IT guy and asked him about this, to which he replied that it was my server saying I could not relay. This is where it gets messy... I replied back saying I disagreed and that unless your system did an MX reverse lookup I cannot see how my server was referenced at all. So I then realised my mistake and found that they had in fact got 4 front end security servers (like Sophos appliances). So I telnet-ed onto the preferred one and sent an email to the IT guy from it and then emailed him asking if he had received it. I don’t know why they have their Exchange server forwarded to the outside world if they have the security email servers, but that is not my worry; I’m sure there is a reason.

So then I receive a very sharp email from the IT guy saying that I should not be connecting to their email system as I will get blacklisted and that I should be using my SMTP server and such, and then a final warning, warning me never to connect to their SMTP server again.
Now, my goal was to see why I could not send emails to their domain, or rather why it was that the clients were not receiving them. This operation of checking is actually outlined in a Microsoft KB as the recommended way of checking email flow.

Now they are saying I have been hacking their system and that they will get me blacklisted worldwide for such actions.

Did I do something wrong here? Aren’t email SMTP servers open for allowing such connections? It’s not like I wanted or tried to relay messages off their server at all.

Many thanks for reading, any advice or statements that I’m in the wrong here even if it’s a moral thing would be appreciated.
0
Question by:uunix
5 Comments
 
LVL 5

Accepted Solution

by:
speak2ab earned 1000 total points
ID: 36987004
You apparently have an innocent goal but I am afraid you troubleshot beyond the allowed radius. Accessing an external server without express permission can be interpreted as an attack, regardless of how noble the goal is. They obviously have vulnerabilities in their system, going from what you described, that they need to address. If they did not realise that before they should thank you :)

In the future I will recommend communicating with the partners or organisation involved, even if it is just to inform them of the situation beforehand and what you plan to do to resolve it. It is quite simple, but in this line of work I can assure you that clear communication (that will avoid getting accusing fingers pointed at you) goes a long way. For instance, since they found out the "supposed intrusion" themselves it will be difficult to convince them of your initial goal; they will rather suspect that you are rewriting the story. But imagine if only that IT guy was aware of the extent of your troubleshooting stretch. Would this have happened? No. Would they have allowed you to continue? Maybe yes, maybe no.

Bonne chance!



0
 

Author Comment

by:uunix
ID: 36987126
Many thanks speak2ab, I see your point.

I have though looked through my emails from what you said and found that in my second email to him, I suggested I try and connect to the server via the command line to see if I get an immediate response, after which I sent him a screenshot of the unable to relay message.

Oh dear..  
0
 
LVL 5

Expert Comment

by:speak2ab
ID: 36987223
Well Uunix, if you did inform them beforehand, that gives a formal indication that you did explain your intentions and actually made a request. That is good but I must say not sufficient since they did not reply. I do see the dilemma here:)) Well, situations like this make us wiser for future cases, I believe.
0
 
LVL 35

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 1000 total points
ID: 36987272
To add to what [speak2ab] said, while you may have made these folks angry, it's unlikely they can get you "blacklisted globally".   That's just bluster.

Anyway, yes, you should constrain your actions to your own servers.  If that's not enough to troubleshoot your problem, engage the other parties but don't take matters into your own hands without permission.
0
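The advice above to work from your own servers can be followed with the sending server's own delivery log, which already records which of the recipient's MX hosts took each message and what that host replied. This is an added example, not part of the original thread: it assumes the sending server runs Postfix, and the log lines, queue IDs, host names and addresses are constructed.

```python
import re

# Constructed sample lines in Postfix smtp delivery-log format (assumed MTA; not from the thread).
SAMPLE_LOG = """\
Oct 18 09:14:02 app1 postfix/smtp[2211]: 4F1A2C0D: to=<auditor@xyz.com>, relay=mx1.xyz.com[192.0.2.10]:25, delay=1.4, delays=0.1/0/0.6/0.7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7B3E1)
Oct 18 09:14:03 app1 postfix/smtp[2212]: 4F1A2C0E: to=<manager@xyz.com>, relay=mx1.xyz.com[192.0.2.10]:25, delay=2.0, delays=0.1/0/0.9/1.0, dsn=4.7.1, status=deferred (host mx1.xyz.com[192.0.2.10] said: 450 4.7.1 Greylisted, try again later (in reply to RCPT TO command))
Oct 18 09:14:05 app1 postfix/smtp[2213]: 4F1A2C0F: to=<someone@example.org>, relay=mail.example.org[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 OK)
Oct 18 09:20:41 app1 postfix/smtp[2290]: 4F1A2C10: to=<lead@xyz.com>, relay=mx2.xyz.com[192.0.2.11]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=5.7.1, status=bounced (host mx2.xyz.com[192.0.2.11] said: 550 5.7.1 Message rejected by policy (in reply to end of DATA command))
"""

# One delivery attempt: queue ID, recipient, remote relay, status code, remote reply.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$"
)

# The first digit of the enhanced status code (RFC 3463) says who holds the message now.
VERDICTS = {
    "2": "accepted by their MX: ask their admin to trace it past the gateway",
    "4": "temporary refusal: our queue will retry, check again later",
    "5": "rejected: quote the remote reply to their admin",
}


def deliveries_for_domain(log_text, domain):
    """Return one record per logged delivery attempt to recipients at `domain`."""
    records = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m or not m["rcpt"].lower().endswith("@" + domain.lower()):
            continue
        rec = m.groupdict()
        rec["relay_host"] = rec["relay"].split("[")[0]  # MX host our MTA chose
        rec["verdict"] = VERDICTS.get(rec["dsn"][0], "unknown")
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in deliveries_for_domain(SAMPLE_LOG, "xyz.com"):
        print(f'{r["qid"]} {r["rcpt"]} via {r["relay_host"]}: '
              f'dsn={r["dsn"]} -> {r["verdict"]}')
        print(f'    remote said: {r["reply"]}')
```

A `status=sent` line with a 2.x.x code means the recipient's gateway took responsibility for the message, so the queue ID and timestamp are the evidence to hand to their administrator.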
 

Author Comment

by:uunix
ID: 36991565
Many thanks for your response guys, things have calmed down somewhat now and it was probably due to us getting our wires crossed; they thought I was using their servers to send emails from, which wasn't the case.

A lesson learnt from my perspective though.
0
