I just tested my server and found that I could send spoofed e-mail. Good news is the headers show the originating IP address. I'd like to know how to defeat this process;
I did this from Windows XP without using any credentials whatsoever:
run > cmd > enter
telnet > enter
o mail.myserver.com 25 > enter
Mail from: [email protected] > enter
RCPT to: [email protected] > enter
DATA > enter
From: [email protected] > enter
TO: [email protected] > enter
Hello. > enter
This is a spoofed email from my server > enter
. > enter
> enter
[email protected] gets the email from the forged [email protected]
I did this from Windows XP without using any credentials whatsoever:
run > cmd > enter
telnet > enter
o mail.myserver.com 25 > enter
Mail from: [email protected] > enter
RCPT to: [email protected] > enter
DATA > enter
From: [email protected] > enter
TO: [email protected] > enter
Hello. > enter
This is a spoofed email from my server > enter
. > enter
> enter
[email protected] gets the email from the forged [email protected]