Let's say that a company has a site with a contact page where emails are shown: [email protected], [email protected].
I have found that Exim from DA (newest, without any customization) enables you to send email AS [email protected] TO [email protected] without authentication (mail sent from another server/IP).
Such impersonation shouldn't be possible.
Also tested on other hosting companies' servers that have DA; same problem on every server.
Code:
telnet mediart.pl 25
Trying 195.242.117.20...
Connected to mediart.pl.
Escape character is '^]'.
220 mail.mediart.pl
EHLO up7.pl
250-mail.mediart.pl Hello mail.mediartcloud.pl [89.40.145.69]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from: [email protected]
250 OK
rcpt to: [email protected]
250 Accepted
data
354 Enter message, ending with "." on a line by itself
test
.
250 OK id=1eczXP-0001lt-9G
quit
221 mail.mediart.pl closing connection
Connection closed by foreign host.
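To check whether a server has already accepted messages like the one in the transcript above, this added example (not part of the original post) scans Exim mainlog arrival (`<=`) lines for an envelope sender in a locally hosted domain that arrived over SMTP from a remote IP with no `A=` authenticator field. The function name, log lines, domains and IPs are constructed for illustration, and it assumes Exim's default mainlog field layout.

```python
import re

# Exim mainlog arrival line: "<date> <time> <msgid> <= <sender> <fields...>"
ARRIVAL = re.compile(r"^(?P<ts>\S+ \S+) (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
# Remote SMTP arrivals carry H=<helo/host> [<ip>]; local submissions do not.
HOST_IP = re.compile(r"(?:^| )H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\]")
# A=<authenticator> is logged only when the client completed SMTP AUTH.
AUTH = re.compile(r"(?:^| )A=\S+")


def find_unauth_local_senders(lines, local_domains, trusted_ips=()):
    """Return arrivals whose envelope sender is in a local domain but which
    came from an untrusted remote IP without SMTP AUTH."""
    local = {d.lower() for d in local_domains}
    hits = []
    for line in lines:
        m = ARRIVAL.match(line)
        if not m or "@" not in m["sender"]:    # skip non-arrivals and "<>" bounces
            continue
        domain = m["sender"].rsplit("@", 1)[1].lower()
        ip = HOST_IP.search(m["rest"])
        if domain not in local or ip is None:  # foreign sender or local submission
            continue
        if AUTH.search(m["rest"]) or ip["ip"] in trusted_ips:
            continue
        hits.append({"time": m["ts"], "id": m["id"],
                     "sender": m["sender"], "ip": ip["ip"]})
    return hits


# Constructed sample log lines (documentation domains and IP ranges).
SAMPLE_LOG = [
    "2018-01-20 10:15:01 1aaaaa-000001-AA <= office@example.test "
    "H=(client.invalid) [192.0.2.69] P=esmtp S=312",
    "2018-01-20 10:15:02 1aaaaa-000001-AA => info <info@example.test> "
    "R=virtual_user T=virtual_localdelivery",
    "2018-01-20 10:20:11 1aaaaa-000002-AA <= office@example.test "
    "H=(laptop.invalid) [198.51.100.7] P=esmtpsa "
    "X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 A=login:office@example.test S=900",
    "2018-01-20 10:25:40 1aaaaa-000003-AA <= someone@other.invalid "
    "H=mx.other.invalid [203.0.113.5] P=esmtps S=1500",
    "2018-01-20 10:30:05 1aaaaa-000004-AA <= office@example.test U=office P=local S=400",
]

if __name__ == "__main__":
    for hit in find_unauth_local_senders(SAMPLE_LOG, {"example.test"}):
        print(hit)
```

Hits are candidates for review rather than confirmed spoofing: forwarders and third-party services that legitimately send with the domain's addresses produce the same pattern, so pass their addresses in `trusted_ips`.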