# Taking advantage of open relays
## Introduction
An open relay is a mail server that allows anyone to send email through it. This used to be the default configuration, and in some cases it still is, which has made open relays a tool in most spammers' arsenals for sending unsolicited email to anyone, and sometimes from anyone. It is no longer the default in many cases, but sysadmins still create open relays all the time, either from laziness or from not thinking about security when configuring a server.
## Testing procedure
To test for an open relay, one can use one of the many excellent tools, such as http://www.aupads.org/test-relay.html; it's quite simple to check for. But how does one actually do this manually? If you know how, you'll better understand the problem and how the applications we use every day work.
First you must have a target to try. The standard port for the SMTP service is 25, but it can be configured to be a different port. For this example, I'll be using the fake IP address 1.2.3.4. Note: how you make the connection is up to you; it's easiest to use telnet, but you could use netcat or nc as well.
In your terminal do the following:
telnet 1.2.3.4 25
That command, of course, uses the telnet program to connect to the IP address 1.2.3.4 on the SMTP port (25).
Type EHLO to start the communication. Note: you can sometimes use HELO as well; however, EHLO is a verb from the Extended SMTP verb set, which most current SMTP services support. Also, if you know the domain, or you have a domain you want to try sending from, you can type, for example, EHLO whatever.com. I typically leave it off, though, and just use EHLO if the server will let me.
I'll run through the next commands quickly because they should be much more self-explanatory:
MAIL FROM:<whoever@whatever.com>
If that works, you should see a message from the server such as 250 OK or similar.
RCPT TO:<address@somewhere.com>
You'll see another 250 message.
DATA
This tells the server you are going to start inputting the data of the message. Next, type:
SUBJECT: Your Subject
That is, of course, your subject; press enter twice. Type your message, and end it by hitting enter twice, or whatever the server told you to do if it was something else.
This is a test message. Hello!
Now, hit enter twice again, then type a period (.) and hit enter. That's it; you should see some feedback from the server on whether all went well or not. You should also see your message, but check the spam filter in some cases, because this relay could be on a spam list, as many relays are. However, many are not!
Simply type QUIT to close the connection and end this session. Keep in mind there are many other commands and things you can do, which vary from server to server. One I like is getting a success or failure message from delivery, by replacing the RCPT TO command above with:
RCPT TO:<whoever@whereever.com> notify=success,failure
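The reply to RCPT TO is what decides whether the server relays. As an added example (not part of the original post), this Python code reads a recorded session and reports whether the server accepted a recipient in a domain it does not host. The transcripts, the host name mail.example.test and the function names are constructed for illustration, and it assumes the session was recorded unauthenticated from outside the server's own network.

```python
import re

# Constructed sample session, not captured from a real server.
# "C:" lines are the client, "S:" lines the server's replies.
OPEN_SESSION = """\
S: 220 mail.example.test ESMTP
C: EHLO whatever.com
S: 250-mail.example.test
S: 250 DSN
C: MAIL FROM:<whoever@whatever.com>
S: 250 2.1.0 Ok
C: RCPT TO:<address@somewhere.com>
S: 250 2.1.5 Ok
C: QUIT
S: 221 2.0.0 Bye
"""
# Same session, but the server refuses the outside recipient.
CLOSED_SESSION = OPEN_SESSION.replace(
    "S: 250 2.1.5 Ok", "S: 554 5.7.1 Relay access denied")

REPLY = re.compile(r"(\d{3})(-?)")
# Angle brackets are optional here because some servers tolerate the bare form.
RCPT = re.compile(r"RCPT TO:\s*<?[^<>\s@]+@([^<>\s]+)", re.I)

def parse_session(text):
    """Pair each client command with the final reply code it received."""
    pairs, command = [], "(connect)"
    for line in text.splitlines():
        side, _, rest = line.partition(": ")
        if side == "C":
            command = rest.strip()
        elif side == "S":
            m = REPLY.match(rest)
            # "250-" is a continuation line; only a code without "-" ends the reply.
            if m and not m.group(2):
                pairs.append((command, int(m.group(1))))
    return pairs

def relay_verdict(text, local_domains):
    """Return 'open', 'closed' or 'inconclusive' for one recorded session."""
    verdict = "inconclusive"
    for command, code in parse_session(text):
        m = RCPT.match(command)
        if not m or m.group(1).lower() in local_domains:
            continue  # not a RCPT, or a recipient the server hosts itself
        if 200 <= code < 300:
            return "open"  # accepted mail for a domain it does not host
        verdict = "closed"
    return verdict
```
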
That's all for now, and keep in mind this is clearly for informational purposes and I will not assume any responsibility for anything you do with it.