@cmbaughman
Created August 28, 2015 21:25

# Taking advantage of open relays

## Introduction

An open relay is a mail server that allows anyone to send email through it. Unfortunately this used to be the default, and in some cases still is, but it has become a tool in most spammers' arsenals for sending unsolicited email to anyone, and sometimes from anyone. It is no longer the default configuration in many cases; however, sysadmins still create open relays all the time, either from laziness or from simply not thinking about security when configuring a server.

## Testing procedure

To test for an open relay, you can use one of the many excellent tools, such as http://www.aupads.org/test-relay.html; it's quite simple to check for. But how does one actually do this manually? If you know how, you'll better understand the problem and how the applications we use every day work.

First you must have a target to try. The standard port for the SMTP service is 25, but a server can be configured to use a different port. For this example, I'll be using the fake IP address 1.2.3.4. Note: how you make the connection is up to you. It's easiest to use telnet, but you could use netcat or nc as well.

In your terminal, do the following:

```
telnet 1.2.3.4 25
```

That command uses the telnet program to connect to the IP address 1.2.3.4 on the SMTP port (25).

Type `EHLO` to start the communication. Note: you can sometimes use `HELO` as well; however, `EHLO` is a verb from the Extended SMTP verb set, which most current SMTP services support. Also, if you know the domain, or you have a domain you want to try sending from, you can type, for example, `EHLO whatever.com`. I typically leave it off, though, and just use `EHLO` if the server will let me.

I'll run through the next commands quickly because they should be much more self-explanatory:

```
MAIL FROM:<whoever@whatever.com>
```

If that works, you should see a message from the server with something like 250 OK or similar.

```
RCPT TO:<address@somewhere.com>
```

You'll see another 250 message.

```
DATA
```

This tells the server you are going to start inputting the data of the message. Next, type:

```
SUBJECT: Your Subject
```

That is of course your subject; press Enter twice. Type your message, and end it by hitting Enter twice, or by doing whatever the server told you to do if it asked for something else.

```
This is a test message. Hello!
```

Now hit Enter twice again, then type a period (`.`) and hit Enter. That's it; the server should give you some feedback on whether all went well. You should also see your message arrive, but in some cases you'll need to check the spam filter, because this relay could be on a spam list, as many relays are. However, many are not!

Simply type `QUIT` to close the connection and end the session. Keep in mind there are many other commands and things you can do, which vary from server to server. One I like is getting a success or failure message from delivery, by replacing the `RCPT TO` command above with:

```
RCPT TO:<whoever@whereever.com> NOTIFY=SUCCESS,FAILURE
```
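When auditing your own mail server, it helps to save the session and read the reply codes mechanically rather than by eye. The following is an added example, not part of the original gist: it classifies a saved transcript of the procedure above, skipping multi-line `250-` replies and distinguishing a refusal at `RCPT TO` from one after `DATA`. The `C:`/`S:` line prefixes, host names, addresses and reply texts are constructed for illustration.

```python
import re

REPLY = re.compile(r"(\d{3})(-?)")  # reply code; "-" marks a continuation line
def final_replies(transcript):
    """Map each SMTP stage to the code on the server's final reply line."""
    stage, in_body, replies = "BANNER", False, {}
    for raw in transcript.strip().splitlines():
        side, text = raw[:1], raw[3:].strip()
        if side == "C" and in_body:
            if text == ".":                  # lone period ends the message
                stage, in_body = "END-OF-DATA", False
        elif side == "C" and text:
            stage = text.split()[0].upper()  # EHLO, MAIL, RCPT, DATA, QUIT
        elif side == "S" and (m := REPLY.match(text)) and not m.group(2):
            replies[stage] = int(m.group(1))
            in_body = stage == "DATA" and replies[stage] == 354
    return replies

def relay_verdict(transcript):
    """Classify a session in which sender and recipient are both non-local."""
    r = final_replies(transcript)
    rcpt, done = r.get("RCPT", 0) // 100, r.get("END-OF-DATA", 0) // 100
    if rcpt == 5:
        return "refused"                     # e.g. "Relay access denied"
    if rcpt == 2 and done == 2:
        return "relayed"                     # queued, not yet proven delivered
    if rcpt == 2 and done == 5:
        return "refused-after-data"          # 250 at RCPT TO alone proves nothing
    return "inconclusive"                    # 4xx, or the session stopped early

# Constructed transcripts: hosts, addresses and queue id are made up.
OPEN = """\
S: 220 mail.example.net ESMTP
C: EHLO probe.example
S: 250-mail.example.net
S: 250 DSN
C: MAIL FROM:<sender@outside.example>
S: 250 2.1.0 Ok
C: RCPT TO:<rcpt@elsewhere.example>
S: 250 2.1.5 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Subject: relay test
C:
C: This is a test message. Hello!
C: .
S: 250 2.0.0 Ok: queued as QUEUEID
"""
CLOSED = OPEN.split("S: 250 2.1.5")[0] + "S: 554 5.7.1 Relay access denied\n"
```

A `relayed` verdict only means the server queued the message; whether it was actually delivered still has to be confirmed at the recipient mailbox, as described above.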

That's all for now, and keep in mind this is for informational purposes and I will not assume any responsibility for anything you do with it.
