• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Impersonation Possible?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Impersonation Possible? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Impersonation Possible? - 18.May2002 6:49:00 PM   
wanttoknow

 

Posts: 6
Joined: 30.Jan.2002
From: Canada
Status: offline
Hi Board Members!

I run SBS2000 with Exchange and I'm wondering if it is possible to impersonate me and send virus e-mail to others.

I received a e-mail complaint from someone I don't know (and is NOT on my contact list - I use Outlook 2000) that says that I'm repeatedly sending virus e-mail to her.

I have all the latest MS patches (both for Exchange, IIS, and Outlook) and I run Norton Antivirus (virus def updated weekly) and have personally not received any virus warning.

I have almost 200 business contacts in my contact list and no one has complained about receiving virus e-mail from me.

I'm really confused. How could someone who's not even in my contact list be receiving virus from me when no one else is? I have e-mailed the peron back and confirmed that the complain was ligitimate (message property says that the mail originates from my domain).

Please advise!
Post #: 1
RE: Impersonation Possible? - 13.Jun.2002 10:27:00 PM   
DaDougInc

 

Posts: 845
Joined: 17.May2002
From: NC
Status: offline
Yes you can impersonate your address - I do it as a joke (YOU FIRED! from CEO)...its funny!

Anyway, here is an example command to impersonate JOHN SMITH (jsmith@domain.com)

TELNET COMMANDS
HELO DOMAIN.COM
>250 Hello
MAIL FROM:<jsmith@domain.com>
>250 Mail From OK (or something like that)
RCPT TO:<you@yourdomain.com)
>250 Recipient OK
DATA
>Go ahead man...
FROM:JOHN SMITH
TO:YOU
SUBJECT:TEST MY VIRUS FOR ME!
<attach the virus>
.
Queued for delivery

You can do the same exact thing through OUTLOOK EXPRESS. Keep in mind that if they do a message track or trace, it will show that you did not send the message (look at the message headers)

Good Luck!

(in reply to wanttoknow)
Post #: 2
RE: Impersonation Possible? - 18.Jul.2002 3:54:00 PM   
evh5150

 

Posts: 5
Joined: 18.Jul.2002
From: USA
Status: offline
Doug,
Is it possible to secure the server such that impersonation of this type is not possible?

I have the same configuration as above, relaying is restricted and working properly, but I can't figure out how to keep someone from either sending mail inside using whatever FROM address they choose, or sending mail inside OR outside using a valid INSIDE mailbox name.

There must be some way to do this. The possible legal problems are what drives my need to stop this.

Any help is appreciated.

(in reply to wanttoknow)
Post #: 3
RE: Impersonation Possible? - 18.Jul.2002 11:17:00 PM   
jokan

 

Posts: 36
Joined: 10.Jan.2002
From: Florida
Status: offline
The KLEZ virus send emails to email addresses found in the Temporary Internet files of an infected user. Ofter posing as one of the cached email addresses. As Doug says check the header and the real sender will be listed.

[ July 18, 2002, 11:17 PM: Message edited by: John Anderson ]

(in reply to wanttoknow)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Impersonation Possible? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter