[Owasp-delhi] MAIL SERVER TESTING

Suryavanshi, Rajesh rajesh_suryavanshi at uhc.com
Wed Dec 16 06:32:50 EST 2009


 Hi All,
 
I need to have one clarification here regarding open relay, mail
spoofing;  Is it possible to perform mail spoofing if open relay is
blocked on a mail server.
 
 
 
Rgds.
 
Raj
 
________________________________

From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Parmendra
Sharma
Sent: Wednesday, December 16, 2009 4:45 PM
To: dhruv.soi at torridnetworks.com
Cc: owasp-delhi at lists.owasp.org
Subject: Re: [Owasp-delhi] MAIL SERVER TESTING


Hi,
 
Thanks for the comments.
 
but what i was asking is there any specific "methodology/Guideline/How
to" to test such issues.


On Wed, Dec 16, 2009 at 4:35 PM, Soi, Dhruv
<dhruv.soi at torridnetworks.com> wrote:


	Apart from standard assessment of mail server to check for
vulnerabilities in the SMTP/POP3/IMAP/OS software there are few mail
server specific test like open relay, mail spoofing, usage of plain text
protocols, user harvesting VRFY (SMTP command), Brute Force Prevention
to POP3/SMTP/webmail, Malware Evasion, SPAM Tests, Information Leakage
in bounced messages, webmail security, password policies etc.

	 

	Hope Helpful.

	 

	From: owasp-delhi-bounces at lists.owasp.org
[mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Parmendra
Sharma
	Sent: Wednesday, December 16, 2009 4:24 PM
	To: owasp-delhi at lists.owasp.org
	Subject: [Owasp-delhi] MAIL SERVER TESTING

	 

	Hello All,

	 

	Can anyone share details (How to perform vapt, any guideline,
any methodology) regarding the vulnerability asssessment and pen test
process for a MAIL SERVER.
	
	-- 
	Thanks and Regards:
	
	Parmendra Sharma
	Computer Security Analyst




-- 
Thanks and Regards:

Parmendra Sharma
Computer Security Analyst


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20091216/6c82a893/attachment.html 


More information about the Owasp-delhi mailing list