On Fri, 4 Aug 2000 03:54:21 -0400 (EDT), Thomas Mueller wrote:
> Some Arachne list members wanted to know how to send mail through an open relay.
> I tried and succeeded on the first attempt, using an open relay from a spam
> message I received. Using X_MAIL.EXE in UKA_PPP, I saved the outgoing file to
> \UKA17X1\UKA_PPP\SPOOL\M0001.OUT and ran the command
> COMTCP -o -p 25 202.194.145.66 X_MAIL
> simply typing the open relay name or IP address in place of the usual SMTP
> server. This was done in an OS/2 Warp 4 VDM from an OS/2 Internet connection.
> In straight DOS, you could use TCPPORT 202.194.145.66 25 X_MAIL
> I trust none of you reading this will use this info to send a flood of spam :<)
> Here is the result:
>> From POPmail Wed Aug 02 02:15:42 2000
> Return-path: <[EMAIL PROTECTED]>
> Received: from dns (dns.hdpu.edu.cn [202.194.145.66]) by mailsvr1.telebot.net
> (Rockliffe SMTPRA 3.4.7) with SMTP id <[EMAIL PROTECTED]> for
> <[EMAIL PROTECTED]>;
> Tue, 1 Aug 2000 02:47:01 -0700
> Received: from bluegrass.net by dns (SMI-8.6/SMI-SVR4)
> id SAA20057; Tue, 1 Aug 2000 18:51:39 -0700
> Date: Tue, 1 Aug 2000 18:51:39 -0700
> From: <[EMAIL PROTECTED]>
> Message-Id: <200008020151.SAA20057@dns>
> To: [EMAIL PROTECTED]
> Subject: Open relay test
> X-Mailer: UKA_PPP 1.7x1
> This is a test of a spam relay just to see if I can send an e-mail message
> through it.
Hello Thomas:
OK, we can see from the headers that you did succeed in sending a message
to yourself through this open relay, "mailsvr1.telebot.net".
Nevertheless, the headers indicate *you* as being the original sender.
See the "Return-path" header. If, hypothetically, you were using this open
relay to send SPAM, you wouldn't get away with it because you would be
readily identified as the originator. If your SPAM message were reported,
then a copy of the message with the complete headers would be sent to the
system administrator at your ISP. They would take action against you. Most
probably they would shut down your account. Also you could be assessed
additional charges as a penalty for abusing the system. I don't know why
there is so much SPAM being sent these days. The guilty can easily be
tracked down and punished.
All the best,
Sam Heywood
-- This mail sent by Arachne, www graphical browser for DOS
-- Visit the Arachne DOS Browser Home Page, http://home.arachne.cz
