On Thu, 2004-02-05 at 09:16, elemint@hotpop.com wrote:
> What is the best way to test for smtp authentication, relay etc.
>
> If evolution was set up to connect to @domain.name.com with a pop
> username and password and smtp was set up to connect to the
> @domain.name.com smtp server. Once they were authenticated for pop
> could they then send smtp messages from another program not evolution
> this being a virus of sorts that is now trying to latch on to the
> connection created with the pop authentication.
>

Jim,

Interesting question. From my cursory look into this, it seems there
are many different methods for implementing POP authentication into
SMTP services. Your answer would probably vary greatly between
implementations. Perhaps that is why we haven't seen this weak form of
authentication exploited en masse as you described. It would be too
unpredictable in the wild.

However, as a penetration testing technique for a specific
implementation it makes for an interesting scenario. It would be simple
to test. If you have access to a pop-auth smtp service, simply telnet
to tcp/110 on the POP server and authenticate with the user/pass
commands. Here is an example session:

bernoulli > telnet pop.EyeEssPea.com 110
Trying 10.10.10.1...
Connected to pop.EyeEssPea.com.
Escape character is '^]'.
+OK Qpopper (version 4.0.5) at pop.EyeEssPea.com starting.
user BigYellowHat
+OK Password required for BigYellowHat
pass i-L1K3-m0nk33z
+OK BigYellowHat has 3 visible messages (0 hidden) in 30946 octets.
----

Leave the authenticated POP session open and go to another terminal
window. Now, telnet to tcp/25 on the smtp server from the second
terminal window and try sending a POP message manually. Here's an
example of that:

bernoulli > telnet smtp.EyeEssPea.com 25
Trying 10.10.10.1...
Connected to smtp.EyeEssPea.com.
Escape character is '^]'.
220 smtp.EyeEssPea.com ESMTP Sendmail 8.12.9/8.12.6; Thu, 5 Feb 2004 08:37:50 -0800 (PST)
helo user1.EyeEssPea.com
250 smtp.EyeEssPea.com Hello user1.EyeEssPea.com [10.10.10.2], pleased to meet you
mail from: BigYellowHat@EyeEssPea.com
250 2.1.0 BigYellowHat@EyeEssPea.com... Sender ok
rcpt to: curious@EyeEssPea.com
250 2.1.5 curious@EyeEssPea.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
SUBJ: I like monkeys
I bought 200 of them. I took my 200 monkeys home. I have a big car. I let one drive
.
250 2.0.0 i15HdiDI023440 Message accepted for delivery
quit
221 2.0.0 smtp.EyeEssPea.com closing connection
Connection closed by foreign host.
bernoulli >
-----

Let us know what you learn. I do not have access to a pop-auth smtp
service to try this myself.

...Kevin
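
Added example, not part of the original message or of any mail server's code: a small model of why the two-terminal test above would succeed on a POP-before-SMTP implementation that authorizes relaying by client IP address for a fixed window after a POP login. That design, the class name, the 30-minute window and the addresses are assumptions made for illustration; as the reply notes, implementations vary.

```python
"""Model of a POP-before-SMTP relay table keyed on client IP (assumed design)."""

WINDOW_SECONDS = 30 * 60  # assumed relay window; real deployments configure this


class PopBeforeSmtpTable:
    """Hypothetical relay-authorization table shared by the POP and SMTP daemons."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self._seen = {}  # client IP -> (user, time of last successful POP login)

    def pop_login_ok(self, client_ip, user, now):
        # Called by the POP side after a successful USER/PASS exchange.
        self._seen[client_ip] = (user, now)

    def may_relay(self, client_ip, now):
        # Called by the SMTP side at RCPT TO for a non-local recipient.
        # Only the source IP is consulted: not the process, not the TCP
        # connection, and not the MAIL FROM address.
        entry = self._seen.get(client_ip)
        if entry is None:
            return False
        _user, stamp = entry
        if now - stamp > self.window:
            del self._seen[client_ip]  # expire stale authorization
            return False
        return True


def run_scenario():
    """Replay the two-terminal test from the message against the model."""
    table = PopBeforeSmtpTable()
    workstation, other_host = "10.10.10.2", "10.10.10.77"  # constructed addresses
    table.pop_login_ok(workstation, "BigYellowHat", now=0)
    return {
        # Second terminal (or any other program) on the same workstation.
        "same_ip_other_program": table.may_relay(workstation, now=60),
        # A host that never authenticated to POP.
        "different_ip": table.may_relay(other_host, now=60),
        # Same workstation after the window has lapsed.
        "same_ip_after_window": table.may_relay(workstation, now=WINDOW_SECONDS + 1),
    }


if __name__ == "__main__":
    for case, allowed in run_scenario().items():
        print(f"{case}: {'relay allowed' if allowed else 'relay denied'}")
```

Because the decision is keyed on source IP, hosts behind one NAT address share the authorization, whereas SMTP AUTH binds the credential to the SMTP session itself. When running the manual test on your own server, use a recipient outside its local domains, since mail to local recipients is normally accepted without any relay authorization.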