Possible black list for hacking

Hi all, I find myself in a very bizarre situation.

I write a web application that basically records audits and other information. Now when an audit has been put onto my system it will send an email to three people.

It uses the domain name mail server to forward from the dedicated server where the application is running.

Now I have tested this, and it works. It works on the live site and my development site, but the recipients at the company xyz.com are not receiving emails.

So I ask their IT guy if they have anything that may be blocking it, and received no answer. So I tested the connection myself using the command line interface.

At first I did something wrong. I did not look up their correct preferred mx record and just telnet-ed onto xyz.com 25 (This was my mistake and ended up giving me a red hearing to chase). Anyway, it connected and I went through a test case and tried to send an email. The system I had connected to was an exchange system. The email did not get sent, and I was greeted with a CANNOT RELAY FOR so and so . So (still thinking I was on the right server) I emailed the IT guy and asked him about this, which he replied that it was my server saying I could not relay. This is where it gets messy..  I replied back saying I disagreed and that unless your system did an mx reverse lookup I cannot see how my server was referenced at all. So I then realised my mistake and found that they had in fact got 4 front end security servers (like sophos appliances). So I telnet-ed onto the preferred one and sent an email to the IT guy from it and then emailed him asking if he had received it. I don’t know why they have their exchange server forwarded to the outside world if they have the security email servers but that is not my worry I’m sure there is a reason.

So then I receive a very sharp email from the IT guy saying that I should not be connecting to their email system as I will get black listed and that I should be using my smtp server and such such and then a final warning, warning me never to connect to their smtp server again.
Now, my goal was to see why I could not send emails to their domain, or rather why it was that the clients were not receiving them. This operation of checking is actually outlined by a Microsoft KB for the recommended way of checking for email flow.

Now they are saying I have been hacking their system and that they will get me black listed world wide for such actions.

Did I do something wrong here? Aren’t email smtp servers open for such allowing connections. It’s not like I wanted or tried to relay messages off their server at all.

Many thanks for reading, any advice or statements that I’m in the wrong here even if it’s a moral thing would be appreciated.
uunixAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

speak2abCommented:
You apparently have an innocent goal but I am afraid you troubleshooted beyond the allowed radius. Accessing an external server without express permission can be interpeted as an attack, regardless of how noble the goal is. They obviously have vulnerabilities in their system going from what you described that they need to address. If they did not realise that before they should thank you :)

In the future I will recommend communicating with the partners or organisation involved even if it is just to inform them of the situation before hand and what you plan to do to resolve it. It is quite simple but in this line of work I can assure you that clear communication (that will avoid geting accusing fingers pointed at you) goes a long way. For instance, since they found out the "supposed intrusion" themselves it will be difficult to convince them of your initial goal they will rather suspect that you are rewriting the story, but imagine if only that IT guy was aware of the extent of your troubleshooting stretch. Will this have happened? No. Will they have allowed you to continue? Maybe Yes Maybe No.

Bon chance!



0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
uunixAuthor Commented:
Many thanks speak2ab, I see your point.

I have though looked through my emails from what you said and found that on my second email to him, I suggested I try and connect to the server via the command line to see if I get an immediate response after which I sent him a screen shot of the unable to relay message.

Oh dear..  
0
speak2abCommented:
Well Uunix if you did inform them before hand, that gives a formal indication that you did explain your intentions and actually made a request. That is good but I must say not sufficient since they did not reply. I do see the dilemma here:)) Well situations like this makes us wiser for future cases, I believe.
0
Paul MacDonaldDirector, Information SystemsCommented:
To add to what [speak2ab] said, while you may have made these folks angry, it's unlikely they can get you "blacklisted globally".   That's just bluster.

Anyway, yes, you should contrain your actions to your own servers.  If that's not enough to troubleshoot your problem, engage the other parties but don't take matters into your own hands without permission.
0
uunixAuthor Commented:
Many thanks for your response guys, things have calmed down somewaht now and it was probably due to us getting our wires crossed, they thought I was using their servers to send emails from which wasn't the case.

A lesson learnt though from my perpective though.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.