Sendmail Open Relay

[kaiserninja]

Could you install a mail server such as sendmail and then use dns spoof to forward all smtp requests to your outgoing email open relay mail server. Most smtp servers require you to be assigned an ip address on the corresponding network (i.e. smtp.comcast.net for outgoing email requires you to be using comcast internet service.) Could you spoof all requests for smtp with something like smtp.*.* in dns spoof and forward those requests to your open relay configured smtp server? This would enable you to capture all emails that were being sent from anyone using smtp and not just dedicated network requests.

I know that apple's outgoing smtp server is smtp.mail.me.com so this should effectively capture non dedicated network smtp traffic as well. Does this sound possible? Any thoughts?

Edited June 28, 2012 by kaiserninja

[inTheDMZ]

I'm not sure how this would work with authenticated smtp hosts, most common emails (gmail, hotmail, yahoo etc) all require authentication on the smtp server side and most of them utilize some form of encryption aswell. I'm not ruling it out, I just think it will be quite difficult to implement.

[Molotof]

The only way to find out is try it yourself and see if it does but it sounds workable. what will you use as a relay sniffer server?

On second thought you will be doing them a favor of relaying there encrypted traffic with zero gain for you unless you force a downgrade for them to use authenticated un-encrypted communication.

Edited June 28, 2012 by Molotof

[kaiserninja]

Smtps on port 553 is encrypted but standard port 25 smtp is not. There are a lot of people who have multiple smtp servers in their settings and if their mail client is unable to connect to their main smtp server they get a choice to use one of the other servers. If they select a standard smtp on port 25 then the redirect would work and the traffic would not be encrypted.

Edited June 28, 2012 by kaiserninja

[kaiserninja]

Oh yeah, about relaying. You can configure sendmail to send a copy of all emails that it relays to an email account you create such as logmail or whatever you want to name it. It takes some configuring in the mc.conf but I think I can make this work. I get my new MK4 today so I will work on this over the weekend.

I have a MK4 that the wireless signal worked only about 5 feet and was past the warranty time to send back. Snubs offered to take it back anyway but after I saw the new elite pack I just ordered a new one and will try to crack open the other and reseat the antenna myself. The hack 5 team is awesome. I will keep you posted on what I come up with.

[Molotof]

Oh yeah, about relaying. You can configure sendmail to send a copy of all emails that it relays to an email account you create such as logmail or whatever you want to name it. It takes some configuring in the mc.conf but I think I can make this work. I get my new MK4 today so I will work on this over the weekend.

I have a MK4 that the wireless signal worked only about 5 feet and was past the warranty time to send back. Snubs offered to take it back anyway but after I saw the new elite pack I just ordered a new one and will try to crack open the other and reseat the antenna myself. The hack 5 team is awesome. I will keep you posted on what I come up with.

Thanks for keeping the thought train running, there is so many possibilities to this configuration, the hak5 team keeps pumping new things every week on the videos making me switch from a network admin to a security expert :)

I will be waiting for what you might think of later!