[AusNOG] Did you wake up one day as a slave? unmask the reality of our financial existence.

Scott Howard scott at doc.net.au
Fri Mar 1 18:23:05 EST 2013


OK.

scott at zaphod:~$ telnet gmail-smtp-in.l.google.com 25
Trying 2607:f8b0:4001:c02::1a...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP pd3si8526298icb.35 - gsmtp
helo there
250 mx.google.com at your service
mail from:<march.tim at gmail.com>
250 2.1.0 OK pd3si8526298icb.35 - gsmtp
rcpt to:<march.tim at gmail.com>
250 2.1.5 OK pd3si8526298icb.35 - gsmtp
data
354  Go ahead pd3si8526298icb.35 - gsmtp
Subject: Your mum...

Is on the top of my things to do list.
.
*250 2.0.0 OK 1362122528 pd3si8526298icb.35 - gsmtp*


(Probably went to your spam folder as I didn't bother with all of the
normal headers, but that's not the point...)

  Scott



On Fri, Mar 1, 2013 at 8:24 AM, Tim March <march.tim at gmail.com> wrote:

>
> Yeah, that's awesome... Why don't you try and actually deliver some
> messages that way without authenticating and see if they get through.
>
> --- BEGIN PASTE ---
> [null at sapsec01 ~]$ nc -vvv aspmx.l.google.com 25
> Connection to aspmx.l.google.com 25 port [tcp/smtp] succeeded!
> 220 mx.google.com ESMTP h9si11359631paz.63 - gsmtp
> HELO aspmx.l.google.com
> 250 mx.google.com at your service
> MAIL FROM:<spam.lord at gmail.com> <spam.lord at gmail.com>
> 250 2.1.0 OK h9si11359631paz.63 - gsmtp
> RCPT TO:<march.tim at gmail.com> <march.tim at gmail.com>
> 250 2.1.5 OK h9si11359631paz.63 - gsmtp
> DATA
> 354  Go ahead h9si11359631paz.63 - gsmtp
> From: Spam Lord <spam.lord at gmail.com> <spam.lord at gmail.com>
> To: [Tim March] <march.tim at gmail.com> <march.tim at gmail.com>
> Date: Fri, 01 Mar 2013 17:02:27 +1100
> Subject: Your mum...
>
> Is on the top of my things to do list.
>
>
>
> .
> *crickets*
> ^C
> [null at sapsec01 ~]$
> --- END PASTE ---
>
>
>
> T.
>
> On 1/03/13 4:38 PM, Scott Howard wrote:
>
> On Fri, Mar 1, 2013 at 5:33 AM, Tim March <march.tim at gmail.com> wrote:
>
>>  On 1/03/13 12:22 PM, Heinz N wrote:
>>
>> IMHO : If the ausnog SMTP MTA relays for ausnog.net, then the external
>> spammer can pretend to be FROM ausnog.net, sending TO ausnog.net. The
>> SMTP agent will then relay with no questions asked. No pwnage required.
>>
>>
>>  This is a Bad Thing ™ from a security perspective. Imagine the amount
>> of spam you'd get if Google allowed unauthenticated localdomain relay for
>> gmail.com.
>>
>
>  Umm.. They do.  It's called "inbound email".
>
>   scott at zaphod:~$ telnet gmail-smtp-in.l.google.com 25
> Trying 2607:f8b0:4001:c02::1a...
> Connected to gmail-smtp-in.l.google.com.
> Escape character is '^]'.
> 220 mx.google.com ESMTP pd3si9862485icb.71 - gsmtp
> helo there
> 250 mx.google.com at your service
> mail from:<march.tim at gmail.com>
> 250 2.1.0 OK pd3si9862485icb.71 - gsmtp
> rcpt to:<march.tim at gmail.com>
> 250 2.1.5 OK pd3si9862485icb.71 - gsmtp
>
>    Scott
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130301/71757cd1/attachment.html>


More information about the AusNOG mailing list