Email bombing

[5465353535453435]

_____

Edited August 30, 2013 by 5465353535453435

[Sparda]

I got a DOS.

NO WAI!

[VaKo]

This is something I've been interested in myself actually. How do you load test an email server without loading up a VM and signing up for every spam service you can find? It would be best to do this on a LAN rather than a WAN facing box, given that you don't want to add to internet pollution.

[SomeoneE1se]

get your e-mail posted to digg.com

[brainfreeze]

Hello, I was wondering where to get the best free email bombers. I got email bombed last week on my server and I'm trying to test my server email today. It sucks cause I got a DOS. 

There are plenty of skiddy mailbomber apps on the net out there, but i wouldn't trust them if i where you. I'm going to assume you are  telling the truth and you are an honest user with a honest problem.

As i said, you could google and find a mail bomber program, but since the majority of these are made by malicious retards, you can bet very highly that you will be downloading some sort of trojan.

Ok, you are going to need three things.

The server that hosts your email account (you already have that)

A mail server (on another computer you own).

A mail client that will send multiple mails  (we'll make that so you don't have to grab one made by a Mr Dodgy McDogerson).

with the above 3, you will be able to test your server because email works like this:

[mailclient] -----> [mail-server] ------> [destination]

-------------------------------------------

Ok first things first, lets get you a mail server. If you use linux, chances are that you already have a mail server installed and you only have to turn it on. If you use windows, go to downloads.com and type in 'smtp' and find a free one with an easy set up GUI or something. Now make sure the mail server supports 'SMTP', because thats the protocol i am going to be discussing below.

Now, a quick introduction into SMTP - Simple Mail Transfer Protocol. SMTP has been around since 1982, and yet its still one of the most widley used protocols in sending email around networks such as the internet. Don't worry, SMTP is very easy to get your head around!

Once you install your mail server, port 25 will be open on the machine you installed it on. So to test this, on that machine connect to port 25 with a plain text sending client such as telnet. "telnet 127.0.0.1 25" - You should get some welcome message that will be along the lines of the mail servers name, the host its on, and its version number. Ok no to the actual protocols you will need to know to send email from it. The first protocol is 'helo' - yes one if my memory serves me correct. This is telling the mail server literly "hello". You are identifying yourself, and of course, the mail server will say something back. Also "MAIL FROM:" is the protocol used to define the sending email address. "RCPT TO:" is who the recipitent is. "SUBJECT:" is for the subject, and "DATA" starts the message. "." on a single line by itself ends the message. Thats it! Thats all the SMTP protocols you need to know to do this.

If you want to read up on SMTP indepth please read this: http://www.ietf.org/rfc/rfc0821.txt

So to send a mail from a mailserver to an email address, you send the following:

helo
MAIL FROM: youremailaddress@email.com
RCPT TO: someone@someone.com
SUBJECT: mail test
DATA
hello this is an test email  from Decemberunderground.
Please do not reply
.

You can manually type this into to mailserver via telnet if you want to test that the mail server actually sends mail. Now the next thing to do is to send this multiple times to your email account to test how it will stand up to another mail bombing. For this we will write our own cleint, which will basically send the information above, in a loop  x amount of times. The reason im getting you to write it yourself is as i've said twice in this post already, don't trust random mail bombers on the internet.

/* STMP mail bomber 
   example
   11.09.2007
*/


import java.net.*;
import java.io.*;
import java.util.*;

public class mailbomb{
public static void main(String[] args) throws Exception{
    
        /* below are the vars for the mail server address
          the port it uses (25) and the email address that you want 
          to mass mail */    
        
    String server = "127.0.0.1"; 
           int port = 25;  
    String rcpt = "youremail@email.com";    
            

        Socket socket = new Socket(server,port);
    BufferedReader inputStream =
                               new BufferedReader(new InputStreamReader(
                               socket.getInputStream()));

    PrintWriter outputStream =
                             new PrintWriter(new OutputStreamWriter(
                             socket.getOutputStream()),true);
    

        /* the code below sends an email to 'rcpt' 100 times
           you can change that by editing the i<100 line */


    for ( int i=0; i<100; i++ )
       {
         outputStream.println("helo");
         outputStream.println("MAIL FROM: test@test.com");
         outputStream.println("RCPT TO:"+rcpt);
             outputStream.println("SUBJECT: whats the story morning glory");
         outputStream.println("DATA");
             outputStream.println("Darren and Wess - Razor and Blade?");
             outputStream.println(".");
    }

socket.close(); //Close the socket


}
}

You can also use inputStream to read the input from the mail server if you want. That is extreamly simple code in java that i just wrote there, i havn't tested it or anything and you may have to change the lines in the for loop if your mail server requires anything else.

It would be best to do this on a LAN rather than a WAN facing box, given that you don't want to add to internet pollution.

Vako makes a very good point, i suggest you do this over a LAN rather than the net, as the amount of traffic you send could have adverse effects on random machines your info is being routed through to get to the destination. Just like the evil bastard did to you when you got mailed bombed, you could do the same thing to someone else by accident.

Also im assuming you actually own the server as in your post you said 'my server'. However If this is just an website/email account you got off a hosting provider DO NOT DO THIS. Chances are there are other users with different email and website accounts on the same server. Even if you have a server dedicated to you, i would ask them permission before mail bombing a machine on their network.

Hope this helps dude! Atleast the postives of getting mail bombed was that you now got to learn how mail servers and clients works :).

Jahova

[Xidus]

In theory you could also do this with a simple perl script if you were on nix and wanted to save some resources.. Dont really have time to write a client to do it now but yeah.. could be done. Maybe i do have time ;)

#!/usr/bin/perl
# bomb.pl -- Simple perl script to send a provided message 100 times to the local mail server
# Xidus

use strict;
use IO::Socket;

my $sock = new IO::Socket::INET(PeerAddr => 'localhost', PeerPort => '25', Proto => 'tcp') or die "mooot";
my $message = "helonMAIL FROM: youremailaddress@email.comnRCPT TO: someone@someone.comnSUBJECT: mail testnDATAnAt least i have chickenn.";

for (my $i=0;$i<100;$i++) {
  print $sock $message or die "ching";
}
close($sock);

coyote:~/Desktop# time perl bomb.pl

real    0m0.096s
user    0m0.064s
sys     0m0.032s

[cooper]

Start by setting up Postfix and deactivate the outgoing mail process (or misconfigure it so it all gets queued).

Queue up a ton of messages, then make a backup of the spool in case you want to hit your box again.

Get Postfix to spit out the messages, and watch your server squirm in agony.

This method accidentally killed an Exchange server at work back in the NT4 days.

[Angablade]

here is a tool i made..

gui from the smiler

http://www.2xtreme.org/pages/Extras/Files/BurnMail.php

[SomeoneE1se]

you should take that down before it's abused

[cooper]

Yeah, really. It is a really _bad_ idea to make something like this available publicly.

Buttaahhhh.... What's your email address?