SMTP forgeries

Adam Back aba at dcs.ex.ac.uk
Fri Nov 21 19:12:35 PST 1997




What is the state of the art with SMTP mail forgeries?

It seems that the forwarding SMTP agent can determine the sender's IP
address.

I am wondering if this could be prevented by using IP level spoofing
to put a fake return IP address on the TCP/IP connection to the
receiving mail hub's SMTP port, in that the sender does not really need
the information the SMTP hub sends back.

This would then be a variant of the IP spoof attack.  What would be
needed would be a site which blindly accepted the one sided traffic
from the receiving SMTP hub where it thought it was replying to the
traffic.

e.g. Sender says:

HELO nsa.gov
250 locahost Hello locahost [127.0.0.1], pleased to meet you

The sendmail seems to be trying to be clever doing a reverse name
lookup, and ignoring what you tell it on the HELO line.
The 250 reply is not required by the sender.

MAIL FROM: nobody at nsa.gov
250 nobody at nsa.gov... Sender ok

RCPT TO: joe at acme.com
250 joe at acme.com... Recipient ok

DATA
354 Enter mail, end with "." on a line by itself
asdfasdfasdf
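
Added example, not part of the original post: a receiver-side check that compares the HELO claim with the peer name and address the receiving MTA itself recorded in its trace header. It assumes the sendmail-style layout `Received: from <HELO> (<rDNS> [<IP>])`; the function name, result keys and sample headers are constructed for illustration.

```python
import re

# Assumed sendmail-style trace field: from <HELO claim> (<rDNS name> [<peer IP>])
# The parenthesised part comes from the TCP peer address seen by the receiving
# MTA, not from anything the client typed on the HELO line.
RECEIVED_RE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]"
)

def check_received(header):
    """Return the HELO claim, the MTA-observed peer, and whether they agree."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold continuation lines
    if m is None:
        return None  # not in the assumed layout; do not guess
    helo = m.group("helo").lower().rstrip(".")
    rdns = (m.group("rdns") or "").lower().rstrip(".")
    ip = m.group("ip")
    if helo.startswith("[") and helo.endswith("]"):
        # HELO given as an address literal: compare with the observed IP.
        confirmed = helo[1:-1] == ip
    else:
        # No reverse name recorded means the claim cannot be confirmed.
        confirmed = bool(rdns) and helo == rdns
    return {"helo": helo, "rdns": rdns or None, "ip": ip,
            "helo_confirmed": confirmed}

# Constructed sample headers (not captured traffic).
SAMPLES = [
    # HELO claim from the post, recorded next to the real peer.
    "Received: from nsa.gov (localhost [127.0.0.1])\n"
    "\tby mail.acme.com with SMTP for <joe@acme.com>",
    # HELO claim that agrees with the reverse lookup.
    "Received: from relay.example.org (relay.example.org [192.0.2.10])\n"
    "\tby mail.acme.com with SMTP",
    # Peer address with no reverse name.
    "Received: from mail.example.net ([198.51.100.7]) by mail.acme.com with SMTP",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_received(sample))
```

Only the `Received` line written by your own MTA is trustworthy; lines below it are supplied by the sender. A matching reverse name is also only a hint, since the PTR record is controlled by whoever holds the address.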






