Oh, OK...
Use `dig domain.com mx` to find the mail server for a domain.
For example:

```
penfold:~# dig majordomo.netcom.com mx

; <<>> DiG 2.1 <<>> majordomo.netcom.com mx
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; Ques: 1, Ans: 6, Auth: 4, Addit: 10
;; QUESTIONS:
;;      majordomo.netcom.com, type = MX, class = IN

;; ANSWERS:
majordomo.netcom.com.   28768   MX      0 majordomo.netcom.com.
majordomo.netcom.com.   28768   MX      30 mail.netcom.com.
majordomo.netcom.com.   28768   MX      30 mail2.netcom.com.
majordomo.netcom.com.   28768   MX      30 mail3.netcom.com.
majordomo.netcom.com.   28768   MX      10 mail6.netcom.com.
majordomo.netcom.com.   28768   MX      10 mail5.netcom.com.

;; AUTHORITY RECORDS:
netcom.com.     28792   NS      netcomsv.netcom.com.
....snip
```

Pick one of the mail exchangers, usually the one with the lowest number. We'll try the machine majordomo.netcom.com itself.
Then telnet to the mail port of that machine (you type the SMTP commands and the message text; the lines starting with a three-digit number are the server's replies):

```
penfold:~# telnet majordomo.netcom.com 25
Trying 206.217.29.105...
Connected to majordomo.netcom.com.
Escape character is '^]'.
220 majordomo.netcom.com ESMTP Sendmail 8.7.5/8.7.3/(NETCOM MLS v1.01); Mon, 20 Oct 1997 17:32:57 -0700 (PDT)
HELO netcom.com
250 majordomo.netcom.com Hello d15.dial-33.mbo.ma.ultra.net [146.115.101.111], pleased to meet you
MAIL FROM:<bogus@elsewhere>
250 bogus@elsewhere... Sender ok
RCPT TO:<your@email.address>
250 Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: Anything you like
To: your@email.address (Or anything else)
Subject: relayed mail from majordomo.netcom.com

Just a relay test
.
250 RAA00550 Message accepted for delivery
QUIT
221 majordomo.netcom.com closing connection
Connection closed by foreign host.
penfold:~#
```

Easy, huh?
Then the relayed email arrives in my inbox:

```
Return-Path: bogus@elsewhere
Received: from majordomo.netcom.com (listless.netcom.com [206.217.29.105])
        by no3.superb.net (8.8.5/8.6.12) with ESMTP id UAA19411
        for; Mon, 20 Oct 1997 20:34:19 -0400 (EDT)
Received: by majordomo.netcom.com (8.7.5/8.7.3/(NETCOM MLS v1.01))
        id RAA00550; Mon, 20 Oct 1997 17:33:26 -0700 (PDT)
Date: Mon, 20 Oct 1997 17:33:26 -0700 (PDT)
Message-Id: <199710210033.RAA00550@majordomo.netcom.com>
From: Anything.you.like@majordomo.netcom.com
To: steve@blighty.com (Or anything else)
Subject: relayed mail from majordomo.netcom.com
Status:

Just a relay test
```

So that machine supports third-party relays.
This trick is pretty common knowledge, so I'm not releasing any 'how to forge email' tricks that aren't already widely available...
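
For checking your own server's answer to the same dialogue, here is an added example that is not part of the original page: it reads a captured SMTP session like the one above and reports whether the server accepted and queued mail for a recipient outside its own domains. The function name, the verdict strings and the refused session are assumptions made for illustration, and it presumes the session was captured from an outside, unauthenticated host.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")   # three-digit SMTP reply line
RCPT = re.compile(r"^RCPT TO:\s*<[^>]*@([^>]+)>", re.I)

def relay_verdict(transcript, local_domains):
    # Verdict on how the server treated recipients outside local_domains.
    local = {d.lower() for d in local_domains}
    pending, in_body = None, False       # command awaiting a reply / in DATA
    foreign_seen = foreign_ok = queued = False
    for line in map(str.strip, transcript.splitlines()):
        if in_body:                      # message text, up to the lone "."
            if line == ".":
                in_body, pending = False, "EOM"
            continue
        m = REPLY.match(line)
        if m:
            code, sep = m.groups()
            if sep == "-":               # multi-line reply: last line decides
                continue
            if pending == "RCPT" and code[0] == "2":
                foreign_ok = True        # server agreed to take foreign mail
            elif pending == "DATA" and code == "354":
                in_body = True
            elif pending == "EOM" and code[0] == "2" and foreign_ok:
                queued = True            # message accepted for delivery
            pending = None
            continue
        r = RCPT.match(line)
        if r and r.group(1).lower() not in local:
            foreign_seen, pending = True, "RCPT"
        elif line.upper() == "DATA":
            pending = "DATA"
    if foreign_ok:
        return "open-relay" if queued else "rcpt-accepted"
    return "refused" if foreign_seen else "not-tested"

# SMTP dialogue from the page, shortened to the lines that matter.
PAGE_SESSION = """MAIL FROM:<bogus@elsewhere>
250 bogus@elsewhere... Sender ok
RCPT TO:<your@email.address>
250 Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Just a relay test
.
250 RAA00550 Message accepted for delivery"""
# Constructed session: a server that rejects the foreign recipient.
REFUSED = "RCPT TO:<your@email.address>\n550 5.7.1 Relaying denied"
for s in (PAGE_SESSION, REFUSED): print(relay_verdict(s, ["netcom.com"]))
```

A server that answers the foreign `RCPT TO` with a 5xx reply, as in the constructed session, is the outcome you want from a host that is not meant to relay.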