Telnet and spoofing emails

JohnB · Post by **JohnB** » 04 Jun 2010, 08:09

I've been reading some old threads and I found this guide http://www.wikihow.com/Send-Email-Using-Telnet .

I'm having trouble finding an SMTP server which I can connect to. In an old thread b_b said a good way to find an SMTP server with an open port on 25 was to look at the headers of a spam email. Well I did but I couldn't connect to the server. Here are the headers:

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==
X-Message-Status: n:0
X-SID-PRA: HSBC Personal Banking. <internet-banking@info.co.uk>
X-AUTH-Result: NONE
X-Message-Info: 6sSXyD95QpUQc3fTPQC8OddAPD5MbMhlMZWwQdtandpZ0xCG6TD/KWCHxXS0h6yHd5vsGhB961RrW1eqnIksbd50DXlGaD9+
Received: from mailrelay.embarq.synacor.com ([208.47.184.3]) by col0-mc4-f17.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Fri, 4 Jun 2010 01:40:17 -0700
Return-Path: <internet-banking@info.co.uk>
X-BINDING:
X-Spam-Rating: None
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=1.1 cv=48lhubfx7B0Ev5nIxPlzNAjH+uBsUfxuMbbbfjLUNqg= c=1 sm=0 a=Dyoqhi_TatcA:10 a=Avd7O6GupxgA:10 a=0qYQvVkOOIcA:10 a=Cfj4BQAnxiAA:10 a=zHTZQYNBJghVvDB4ldS2KA==:17 a=PvztKptnAAAA:8 a=1O94DxvgAAAA:8 a=_caZwr1JdiA7fLaLMX0A:9 a=snKWX5vyAjqfGxbcUBEA:7 a=0pK8jOxfuhxASc2IBC2TFqB2ONUA:4 a=Ft8UYL4EG9YA:10 a=IX6LPOTi4cNG0Umr:21 a=f9VvzBt46ZY_WH15:21 a=zHTZQYNBJghVvDB4ldS2KA==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: smtp02.embarq.synacor.com smtp.user=bannerjeff; auth=pass (LOGIN)
Received: from [195.230.8.33] ([195.230.8.33:23200] helo=User)
by mailrelay.embarq.synacor.com (envelope-from <internet-banking@info.co.uk>)
(ecelerity 2.2.2.40 r(29895/29896)) with ESMTPA
id 38/6E-05589-54BB80C4; Fri, 04 Jun 2010 04:40:16 -0400
From: "HSBC Personal Banking."<internet-banking@info.co.uk>
Message-ID: <38.6E.05589.54BB80C4@smtp02.embarq.synacor.com>
Subject: Incoming Payment Notification. Fri 04/06/2010
Date: Fri, 4 Jun 2010 09:40:12 +0100
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
X-OriginalArrivalTime: 04 Jun 2010 08:40:17.0599 (UTC) FILETIME=[8F2F14F0:01CB03C1]

Is col0-mc4-f17.Col0.hotmail.com not the SMTP server?

Post by **floodhound2** » 04 Jun 2010, 18:37

You need a user name and password to connect to a server.

Post by **bad_brain** » 05 Jun 2010, 05:23

yep:

220 mailrelay.embarq.synacor.com ESMTP ecelerity 2.2.2.40 r(29895/29896) Sat, 05
Jun 2010 07:19:40 -0400
helo whatever
250 smtp03.embarq.synacor.com says HELO to 217.228.252.227:2552
mail from: test@test.com
250 SPF validation soft failure
rcpt to: test@test.org
554 Authentication Failed, must login

there are mail server that don't need a authentication at all, those are called open relays (usually pwnd or misconfigured servers), to check if a server is an open relay you can save time by using services like http://www.checkor.com/

let's see what it says about the suck-o server:

220 serv.suck-o.com sucky mail server
HELO ortest.checkor.com
250 serv.suck-o.com
RSET
250 2.0.0 Ok
MAIL FROM: test@checkor.com
250 2.1.0 Ok
RCPT TO: test1@checkor.com
554 5.7.1 : Relay access denied

nope...

JohnB · Post by **JohnB** » 05 Jun 2010, 14:08

Thanks for the pointers b_b and floody. I'll report back if I have any successes...

n0sferatu · Post by **n0sferatu** » 05 Jun 2010, 14:58

usually every ISP has an smpt server for email open for costumers.