Possible black list for hacking

Posted on 2011-10-18
Last Modified: 2013-12-17
Hi all, I find myself in a very bizarre situation.

I write a web application that basically records audits and other information. Now when an audit has been put onto my system it will send an email to three people.

It uses the domain name mail server to forward from the dedicated server where the application is running.

Now I have tested this, and it works. It works on the live site and my development site, but the recipients at the company are not receiving emails.

So I ask their IT guy if they have anything that may be blocking it, and received no answer. So I tested the connection myself using the command line interface.

At first I did something wrong. I did not look up their correct preferred MX record and just telnet-ed onto 25 (this was my mistake and ended up giving me a red herring to chase). Anyway, it connected and I went through a test case and tried to send an email. The system I had connected to was an Exchange system. The email did not get sent, and I was greeted with a CANNOT RELAY FOR so and so. So (still thinking I was on the right server) I emailed the IT guy and asked him about this, to which he replied that it was my server saying I could not relay. This is where it gets messy... I replied back saying I disagreed and that unless your system did an MX reverse lookup I cannot see how my server was referenced at all. So I then realised my mistake and found that they had in fact got 4 front end security servers (like Sophos appliances). So I telnet-ed onto the preferred one and sent an email to the IT guy from it and then emailed him asking if he had received it. I don’t know why they have their Exchange server forwarded to the outside world if they have the security email servers, but that is not my worry; I’m sure there is a reason.

So then I receive a very sharp email from the IT guy saying that I should not be connecting to their email system as I will get black listed and that I should be using my SMTP server and such, and then a final warning, warning me never to connect to their SMTP server again.
Now, my goal was to see why I could not send emails to their domain, or rather why it was that the clients were not receiving them. This operation of checking is actually outlined by a Microsoft KB for the recommended way of checking for email flow.

Now they are saying I have been hacking their system and that they will get me black listed world wide for such actions.

Did I do something wrong here? Aren’t email SMTP servers open for allowing such connections? It’s not like I wanted or tried to relay messages off their server at all.

Many thanks for reading, any advice or statements that I’m in the wrong here even if it’s a moral thing would be appreciated.
Question by: uunix
    LVL 5

    Accepted Solution

    You apparently have an innocent goal but I am afraid you troubleshot beyond the allowed radius. Accessing an external server without express permission can be interpreted as an attack, regardless of how noble the goal is. They obviously have vulnerabilities in their system going from what you described that they need to address. If they did not realise that before they should thank you :)

    In the future I will recommend communicating with the partners or organisation involved even if it is just to inform them of the situation beforehand and what you plan to do to resolve it. It is quite simple but in this line of work I can assure you that clear communication (that will avoid getting accusing fingers pointed at you) goes a long way. For instance, since they found out the "supposed intrusion" themselves it will be difficult to convince them of your initial goal; they will rather suspect that you are rewriting the story, but imagine if only that IT guy was aware of the extent of your troubleshooting stretch. Would this have happened? No. Would they have allowed you to continue? Maybe yes, maybe no.

    Bonne chance!


    Author Comment

    Many thanks speak2ab, I see your point.

    I have though looked through my emails from what you said and found that on my second email to him, I suggested I try and connect to the server via the command line to see if I get an immediate response, after which I sent him a screenshot of the unable to relay message.

    Oh dear...
    LVL 5

    Expert Comment

    Well Uunix, if you did inform them beforehand, that gives a formal indication that you did explain your intentions and actually made a request. That is good but I must say not sufficient since they did not reply. I do see the dilemma here :)) Well, situations like this make us wiser for future cases, I believe.
    LVL 33

    Assisted Solution

    To add to what [speak2ab] said, while you may have made these folks angry, it's unlikely they can get you "blacklisted globally". That's just bluster.

    Anyway, yes, you should constrain your actions to your own servers. If that's not enough to troubleshoot your problem, engage the other parties but don't take matters into your own hands without permission.

    Author Comment

    Many thanks for your response guys, things have calmed down somewhat now and it was probably due to us getting our wires crossed; they thought I was using their servers to send emails from, which wasn't the case.

    A lesson learnt from my perspective, though.
