Make your own free website on Tripod.com

SMTP, Mail via Port 25

SMTP is Simple Mail Transfer Protocol. This text was written to explain Mail Spoofing, anonymous mail, and using Telnet to Port 25. Experts can tell if mail was Spoofed, and they can locate you by contacting the Server which the mail came from.

It is NOT illegal to send mail via Port 25 of any web server that does not have mail relay disabled, but obviously using this tactic for harassing, or threatening others, or using fake mail to obtain personal information will attract the attention of the Police or Sysadmins and get you BUSTED!

Ok, Lets get Started!

Of course this assumes you use Windows 9x.

Click on START, and Select RUN...

Type TELNET in the dialog box and press Enter

The TELNET program starts....

At the top, Select TERMINAL, a menu opens....

Choose PREFERENCES, a dialog box opens, you see Terminal Options, Emulation, etc

Make sure there is a Check Mark in the box for ENABLE LOCAL ECHO, buffer should be 25, and Emulation should be VT-100/ANSI

Click on the OK button, the dialog box closes..

At the top, Select CONNECT, a menu drops down, Select REMOTE SYSTEM, a dialog box opens...

You see a box with HOST NAME, PORT, TERMTYPE...

In the HOST NAME, you can enter any web server that allows Mail Relay,* (www.whateverworks.com)

In the PORT, clear the box, and enter the numbers 25,

The TERMTYPE should be VT100...

Click on the button CONNECT

 

* Some Servers DO NOT ALLOW MAIL RELAY, you will have to surf and run a few PORT SCANs to find servers that have Port 25 open for SMTP, and even then, some Sysadmins disable Mail Relay if you do not use certain commands or have an address approved for SMTP on that server. There are plenty of servers that allow Mail Relay though..

 

 

OK! If you Connected to a Server , you should something like :

220 gnr.u2me3.com ESMTP Sendmail 8.9.3/8.9.3; Mon, 31 Jan 2000 01:45:38 -0500

gnr.u2me3.com is the server you connected to, I believe ESMTP Sendmail is the daemon Mail program..

 

TYPE IN THE LINES AS SHOWN, except use what ever you like as the fake sender, and who you want to send the mail to. I used President/Whitehouse.gov and my E-mail address for this example..

 

MAIL FROM: President@whitehouse.gov, hit enter

you might see :

250 President@Whitehouse.gov... Sender ok

RCPT TO: C0VERTl@Excite.com, hit enter

you might see:

250 C0VERTl@excite.com... Recipient ok

 

DATA, hit enter

you might see:

354 Enter mail, end with "." on a line by itself

 

TYPE IN YOUR MESSAGE, its ok to hit enter for the next line

I wrote:

I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

 

When Finished, put a "." period on a line by itself, hit enter..

you might see:

250 BAA07042 Message accepted for delivery

 

Exit from the Telnet program, or to send another mail, start at the top again. Note, avoid errors because you cannot use back space to go back and type over. Also, some servers may not show you the greeting, or the stuff ' you might see ' above.

Also some servers may provide assistance if you Type HELP, and hit enter.

 

Here is what the Telnet Program showed on the Screen when I was finished:

220 gnr.u2me3.com ESMTP Sendmail 8.9.3/8.9.3; Mon, 31 Jan 2000 01:47:25 -0500
Mail from: President@Whitehouse.gov
250 President@Whitehouse.gov... Sender ok
rcpt to: C0VERTl@excite.com
250 C0VERTl@excite.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

.
250 BAA07042 Message accepted for delivery

The Stuff in RED was what I typed in.

 

Ok, So what did the E-Mail look like to the Recipient?

Date:Mon, 31 Jan 2000 01:47:41 -0500
From:
President@Whitehouse.gov
Subject:

I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

WOW! I got mail from the President at the Whitehouse!!!

REALLY?

No, not really...

If you have the ability to select SHOW FULL HEADERS, you will see.....

f 3

Return-Path:<President@Whitehouse.gov>

Received:from gnr.u2me3.com ([209.198.56.2]) by hissy.excite.com (InterMail vM.4.01.02.31a
201-229-119-114) with ESMTP id
<20000131052230.HGZR16213.hissy.excite.com@gnr.u2me3.com> for
<C0VERTl@excite.com>; Sun, 30 Jan 2000 21:22:30 -0800
Received:
from FlintA1-131.comserv.net (FlintAS1-131.compserv.net [209.XXX.97.XXX] (may
be forged)) by gnr.u2me3.com (8.9.3/8.9.3) with SMTP id BAA07042 for
C0VERTl@excite.com; Mon, 31 Jan 2000 01:47:41 -0500
Date:
Mon, 31 Jan 2000 01:47:41 -0500
From:
President@Whitehouse.gov
Message-Id:
<200001310647.BAA07042@gnr.u2me3.com>
X-Authentication-Warning:
gnr.u2me3.com: FlintA1-131.comserv.net [209.XXX.97.XXX] (may be forged) didn't
use HELO protocol


I want to appoint you to be the Supreme Being of the Internet, I will Pay you
$2,000,000,000.00 a Year, plus all the free internet time you want
please reply to this offer soon
President Bill Clinton

Hmm, Smart server, it said the mail MAY BE FORGED! And Darn it!, there is my ISP and IP!

Received:
from FlintA1-131.comserv.net (FlintAS1-131.compserv.net [209.XXX.97.XXX] (may
be forged)) by gnr.u2me3.com (8.9.3/8.9.3) with SMTP id BAA07042

( I XX'ed out my IP in this text)

This shows the path of the Mail, My ISP, my IP, and the server I used to send this Spoofed mail.

WHAT DID YOU LEARN?

 

Its not so hard to Spoof E-Mail

Check the E-Mail headers if you recieve Questionable E-Mail

If you are a Sysadmin, you might want to disable port 25, or at least configure it so outsiders cannot use your server for mail relay.

 

OTHER TIPS FOR SMTP...

First, always try typing HELP and see if it has a helpful list of commands available, a smart sysadmin would disable HELP in SMTP because he/she doesn't want you to figure out how the SMTP is configured.

Other Commands that might be available, These commands are for a DSMTP v2.7k.

HELO , proper use would be HELO Validusername. Example HELO Hacker1
HELO identifies you as an authorized user for SMTP/DSMTP on that server.



EHLO , proper use would be EHLO Validusername. Example EHLO Hacker1 EHLO, identifies you as an authorized user on the server, for ESMTP.

RSET, resets the current session, all mail and rcpt entries will be dumped.

QUIT, terminates the connection, aborts any incomplete transactions.

VRFY, verifies whether or not a message addressed to would be delivered locally.

AUTH, initiates a SASL authenticated transaction.

ETRN, proper use would be ETRN , like ETRN College.Edu, or ETRN Staff@College.edu. This queues any pending messages to that person.

Thats it for now, As I come across more commands I will update this page, commands also vary by SMTP daemons/software/OS's so they will have to be categorized by those.

By: C0VERTl

 

Covert Links