Government Security
Network Security Resources

Jump to content

Photo

Forging Undeliverable Email


  • Please log in to reply
4 replies to this topic

#1 bonarez

bonarez

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 16 August 2009 - 10:46 AM

hey,

Anyone knows about software for making fake 'Undeliverable Email' mails?

I know it should be possible if some adresses in the headers can be spoofed but I have no idea where to start here

One of my users has a 'personal problem' > if it where on my network I could just use sendmail and recreate a real undeliverable (and I don't wonna go over there to do it, give your users a finger and they'll take your arm)

Did a litlle googling but not much I can find, any thoughts?

bonarez

EDIT: this question is now categorized as hypothetical
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post

#2 Marts McFly

Marts McFly

    Second Lieutenant

  • Second Lieutenant
  • 591 posts

Posted 16 August 2009 - 05:08 PM

hey,

Anyone knows about software for making fake 'Undeliverable Email' mails?

I know it should be possible if some adresses in the headers can be spoofed but I have no idea where to start here

One of my users has a 'personal problem' > if it where on my network I could just use sendmail and recreate a real undeliverable (and I don't wonna go over there to do it, give your users a finger and they'll take your arm)

Did a litlle googling but not much I can find, any thoughts?

bonarez

EDIT: this question is now categorized as hypothetical


Maybe it's monday morning and my lack of coffee but i'm a little unclear on what you mean. Does your user want to "hypotehtically" send an 'undeliverable mail' to a recipient so it looks like your user never received that email... or something similar?

I havent touched any of those spam-box spoof type email generators so i'm not sure if one of them would work..(im sure they would, but would you really want to touch one of them... yuck) but like you said.. .the easiest thing to do would probably set up a quick and dirty sendmail install (if you dont aalready have one) and send one from there.
Certified Information Systems Security Professional (CISSP)

T: http://twitter.com/Marts_McFly

B: http://www.backtosecurity.com

#3 bonarez

bonarez

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 17 August 2009 - 12:10 AM

user is getting email's from someone she'd rather avoid.. she would like to have fake undeliverable sent so that person thinks the email address does not exist anymore..

this is happening on her personal mail account > ISP mailserver..

I was wondering if I could spoof the headers and make it look like the mail came from the ISP mailserver..

/http://www.familymonitor.co.uk/familyemailspooferfree.html is something I found..
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post

#4 Marts McFly

Marts McFly

    Second Lieutenant

  • Second Lieutenant
  • 591 posts

Posted 17 August 2009 - 12:47 AM

oh ok, im with you.

If this is an ISP mail system. Would there be a possibility of her emailing customer support saying she is getting un-wanted/harassment emails from this address (douche@yahoo.com) and would it be possible for them to create a filter rule to block this address coming to her (and hopefully sending back a non delivery report [bounceback] to douche saying 'mail cannot be delivered 550 access denied - which would probably be standard) If they will do it, will save ALOOTTT of stuffing around.

That sort of software would probably work, but i don't know how legitimate it would look (if douche knew how to read headers). And trying to link it into her email client with rules to reply as soon as douche emails her might be a little bit of effort.

You are right in saying that any mail server you set up can spoof anything you want.. and that software is just a little mail server with a nice GUI. But i don't know if you could link it in with rules to make those automatic replies.

If she did want to do this herself, and not want one of her techy friends (you) to do it for her, it may work. But if you really want to impress her... maybe you could set up a sendmail server, and have a script to send one of those crafted emails to him every day at 3am. So it looks like her ISP does bulk scripted NDR reports or something.
Certified Information Systems Security Professional (CISSP)

T: http://twitter.com/Marts_McFly

B: http://www.backtosecurity.com

#5 bonarez

bonarez

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 17 August 2009 - 09:05 AM

Asking the isp to do it would result in a 'no' > I used to work for them..

Getting something like this 'organised' on your own network could be easy indeed, if you can hook up your firewall to sendmail. IPTables could do that.. That way it would look 'legit' to me.. > Would be a bit more difficult on my networks, using a blackboxed fw (can't remember the name) and exchange 2007..

The 'bulk' idea is actually pretty good > didn't think of that..

No I do not want to impress her (married + not my type :) ) think I'll just show her the software and allow her to 'test' it on me, will post results if any..

tnx for your thoughts m8 > 2 minds are allways better then one at tackling strange issues!
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users