Posted by: Sümer (sume…@gmail.com)
Date: Sat, 19 Nov 2005

I have two questions.

1) For example, suppose that I want to send an email to a user like
x…@softhome.net. Without using Indy, I do the following procedure. First of
all I make an MX record query with TDnsResolver, and the results in my test
are: a.mx.softhome.net, b.mx.softhome.net and c.mx.softhome.net. After finding
the MX records, I manually connect to the servers on port 25 by telnet. Then I
talk with the server using the SMTP commands. But every time I try this on the
servers, I get an error message when I write RCPT TO: x…@softhome.net.
The server says that relaying is denied. Does this error occur because I am
trying to send the mail to the wrong MX machine (this can be an absurd
question), or because my DNS reverse lookup does not match? And also (sorry, I
am a newbie), does the server make this DNS reverse query on my IP address and
the domain name that I have given to the HELO myDomain command or something

2) Also, I am curious about the SMTP Authorization. I use Ethereal to inspect
the transaction between the SMTP server and my MUA (Outlook Express
currently). I inspect all the SMTP commands when I send the mail in
Outlook. And I cannot find any clue about where my username and password are
posted to the server. I can only see the specific SMTP commands like HELO,
MAIL FROM, DATA... etc. I know that the SMTP-AUTH protocol is not supported by
Ethereal, but I cannot find any TCP data going from my computer to the
server. (Maybe one or two packets.) That may be the problem?

3) I see some transaction examples on the internet like: AUTH LOGIN PLAIN, or
AUTH LOGIN DIGEST-MD5... etc. Are these encryption methods being used to
transfer my username and password? If so, do the replied commands (command
messages) coming from the server also use the specified encryption method?

4) And also, if the mail servers stop the spam only by DNS reverse lookup and
whitelisted IP addresses, I think about the following scenario. I can use a 3rd
party Winsock library (written from scratch by raw sockets in Windows), just
to send spoofed IP addresses. I will use a whitelisted IP address range for
the source address in the IP header of my packets, and follow the steps in
the 2nd question. Will I be able to deceive the mail servers? I think with
this kind of attack, I can achieve sending emails from a non-open-relay
SMTP server (not only direct-to-MX mailing)? Can this scenario be a 100%
reliable massmailer program?

And I connect to the Internet using a dynamic IP address (for the questions above).

(P.S.): I am asking these questions for educational purposes only. I am not
intending to send spam or something else. And also, I am a student; this is a
part of my final project. I have used Indy for 3 years for every project I have
made so far, and this is the only place that I know to ask.