[Owasp-delhi] MAIL SERVER TESTING

Suryavanshi, Rajesh rajesh_suryavanshi at uhc.com
Wed Dec 16 07:39:28 EST 2009


That's right, Vaibhav.

I meant to place authentication control in between. If we block
relay, there is no use in having SMTP.

Since it was mentioned below (tests like open relay, mail spoofing): both
are interconnected. We test open relay to prevent mail spoofing.

Rgds,

Raj

________________________________

From: vaibhav aher [mailto:vaibhavaher at gmail.com] 
Sent: Wednesday, December 16, 2009 5:44 PM
To: Suryavanshi, Rajesh
Subject: Re: [Owasp-delhi] MAIL SERVER TESTING


Hello Raj,

If you block the relay, you will not be able to send mail. Then there
will be no use for SMTP.
Kindly refer to SMTP AUTH to stop open mail relay.

Regards,
Vaibhav
IS Consultant


On Wed, Dec 16, 2009 at 5:02 PM, Suryavanshi, Rajesh <rajesh_suryavanshi at uhc.com> wrote:

	Hi All,

	I need to have one clarification here regarding open relay and mail spoofing: is it possible to perform mail spoofing if open relay is blocked on a mail server?

	Rgds,

	Raj
	 
________________________________

	From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Parmendra Sharma
	Sent: Wednesday, December 16, 2009 4:45 PM
	To: dhruv.soi at torridnetworks.com
	Cc: owasp-delhi at lists.owasp.org
	Subject: Re: [Owasp-delhi] MAIL SERVER TESTING
	
	
	Hi,

	Thanks for the comments.

	But what I was asking is: is there any specific "methodology/Guideline/How to" to test such issues?


	On Wed, Dec 16, 2009 at 4:35 PM, Soi, Dhruv <dhruv.soi at torridnetworks.com> wrote:
	

		Apart from the standard assessment of a mail server to check for vulnerabilities in the SMTP/POP3/IMAP/OS software, there are a few mail-server-specific tests like open relay, mail spoofing, usage of plain text protocols, user harvesting via VRFY (SMTP command), Brute Force Prevention to POP3/SMTP/webmail, Malware Evasion, SPAM Tests, Information Leakage in bounced messages, webmail security, password policies etc.

		 

		Hope Helpful.

		 

		From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Parmendra Sharma
		Sent: Wednesday, December 16, 2009 4:24 PM
		To: owasp-delhi at lists.owasp.org
		Subject: [Owasp-delhi] MAIL SERVER TESTING

		 

		Hello All,

		 

		Can anyone share details (how to perform VAPT, any guideline, any methodology) regarding the vulnerability assessment and pen test process for a MAIL SERVER?
		
		-- 
		Thanks and Regards:
		
		Parmendra Sharma
		Computer Security Analyst




	-- 
	Thanks and Regards:
	
	Parmendra Sharma
	Computer Security Analyst
	
	
	



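The following is an added example, not part of the original thread: a small log-review sketch that separates the two conditions discussed above, relaying for an unauthenticated outside client versus accepting a forged local sender for local delivery. The domain `example.org`, the trusted network `10.0.0.0/8`, the session tuples and the verdict labels are all assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for illustration: the domain this server hosts and its internal network.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sessions, as a mail log might summarise them:
# (client_ip, smtp_auth_ok, mail_from, rcpt_to, reply_code_to_RCPT)
SESSIONS = [
    ("10.1.2.3",     False, "alice@example.org", "bob@example.net",   250),
    ("203.0.113.7",  True,  "alice@example.org", "bob@example.net",   250),
    ("203.0.113.9",  False, "x@example.com",     "bob@example.net",   250),
    ("203.0.113.9",  False, "ceo@example.org",   "alice@example.org", 250),
    ("203.0.113.9",  False, "x@example.com",     "bob@example.net",   554),
    ("198.51.100.4", False, "carol@example.com", "alice@example.org", 250),
]

def domain(address):
    return address.rsplit("@", 1)[-1].lower()

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def classify(session):
    ip, authed, mail_from, rcpt_to, code = session
    if not 200 <= code < 300:
        return "rejected"                      # server refused the recipient
    allowed_to_relay = authed or is_trusted(ip)
    if domain(rcpt_to) not in LOCAL_DOMAINS:
        # Mail for a foreign domain: fine with SMTP AUTH or from a trusted
        # network, an open relay finding otherwise.
        return "relay-ok" if allowed_to_relay else "OPEN-RELAY"
    # Local delivery: relay rules do not apply, so a sender claiming a local
    # address without authentication is only flagged here, not blocked.
    if domain(mail_from) in LOCAL_DOMAINS and not allowed_to_relay:
        return "SPOOF-SUSPECT"
    return "inbound-ok"

def review(sessions):
    return [classify(s) for s in sessions]

if __name__ == "__main__":
    for s, verdict in zip(SESSIONS, review(SESSIONS)):
        print(f"{verdict:14} {s}")
```

The fourth constructed session is accepted even though the third would be refused once relaying requires SMTP AUTH, which is why the two checks are reported separately.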