How do these online services of spoof email work?
They usually require the from domain really exists. It means there is a smtp server which accepts the connection.
Let's say I send a mail from test#xxx.com. The site will try to connect to the xxx.com smtp server and it will deliver the message.
The questions are:
How it is able to find the xxx.com domain smtp server?
To correctly deliver the message, xxx.com has to be without authentication. However, also with a fake gmail.com domain, the email is correctly sent, even though Gmail requires auth.
Related
I want to send an email to a mailbox on Gmail's servers. But I cannot understand why Google wants to authenticate me, the sender.
I want to act as the sending mail server. So using openssl, I open a TCP connection to smpt.gmail.com. Openssl takes care of the TLS handshake, and I am ready to send a message of the SMTP protocol
openssl s_client -connect smtp.gmail.com:587 -star
ttls smtp
CONNECTED(00000005)
.. Lots of TLS or SSL details ...
---
250 SMTPUTF8
I send the HELO message:
HELO smtp.gmail.com
250-smtp.gmail.com at your service
And I try to send a message:
MAIL FROM: <me#nowhere.com>
530-5.7.0 Authentication Required. Learn more at ...
But Gmail servers responds that I need to be authenticated.
I would understand authenticating with the mail server if I were reading from a mailbox, but I don't get why I need to authenticate to send a message to a mailbox.
I can't find much documentation on the internet regarding this either.
Is there some kind of mechanism where every owner of a mailserver on the planet needs to create a google account just to send emails to a gmail mailbox?
How does the mail servers at Microsoft outlook send messages to Gmail servers?
What am I missing here?
Modern SMTP splits message submission into a separate transaction, distinct from message transport. You are generally required to authenticate with your local MTA (Gmail's if you are sending from Gmail, Outlook if that's where you are sending from, etc) to submit a message, and then the transport network of SMTP proper takes it from there.
There used to be a time when you were able to submit a message to a remote MTA by something called direct injection, but spammers abused this (along with pretty much every other feature of email) to the point where this model was no longer sustainable.
The modern message submission protocol runs on port 587, and generally requires authentication, and thus can obviously only accept submissions from local users for whom the server has identity and authentication information.
The transport protocol, by contrast, runs on the original port number, 25, which is more or less universally firewalled now for residential IP addresses. (Inside an organization, you might still be able to connect to a local mail server on port 25 and perhaps even submit messages without authenticating.)
In addition, regular mail servers on the modern Internet need to maintain a positive reputation. This helps keep the bad apples somewhat isolated, but raises the bar for newcomers and minor independent operators. See e.g. SenderBase for one such reputation system, though the big operators typically have their own proprietary ones which are not available to outsiders.
I have a website hosted outside the organization. The mail server to recieve the message is inside the organization. The website submits a simple form to email using PHP mail function. Works on every domain tested for the recipient except for ones internal to the domain.
So website is www.domain.com. Mail server is mail.domain.com. Hosted at separate sites. When www.domain.com wants to send a message to user#domain.com it should lookup the mx record and notice that mail.domain.com is at another location and forward the message.
If I configure it to send to user#otherdomain.com, the message is successfully sent and received. But sending to the same domain responds with 550 error 'No such user here'. So I'm wondering if the webserver thinks it is supposed to be the recipient of the mail, and thus responds with 'No user here' because, frankly there is no user configured there.
So does anyone know what cpanel/whm settings need to be added/adjusted to allow this server to know that it is not responsible for mail exchanging for this domain. I do have the mx record setup properly, but don't know if it also requires an A record for the address. Any help much appreciated.
I did notice others having the same issues, but no solutions were actually proposed, so I figured I would make my own question, and see if it get's a good answer for others too that may experience the same issue.
It looks like your routing settings are incorrect. Navigate to cPanel >> MX Entry and verify that the routing setting is Remote Mail Exchanger
As the mails are to be delivered externally, setting this as Local Mail Exchanger will make cPanel think the mails are setup locally and cPanel will try to deliver mails locally. As there are no local mail accounts configured with that name, it bounces with the mentioned error.
I would suggest avoiding sending directly to the MX. Submit your message to a local mail server and let it relay to the MX for you. If you send using PHPMailer with SMTP you will get much better feedback on deliveries. As for what cPanel is doing, check the local mail server log, usually in /var/log/mail.log.
You have to change the setting from local to "Remote Mail Exchanger" in dns zone file. and also create mail account at remote location site.
I have just installed VestaCP on a fresh CentOS VPS.
I have set up email for one domain. All mail sent to that domain bounces with the error 550 smtp auth requried
I have commented out the following;
deny message = smtp auth requried
from exim.conf
I have turned off anti-spam.
I still get the bounce with this message.
Specifically, if I send an email from a gmail account google responds:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain foobar.tld by mail.foobar.tld. [x.x.x.x].
The error that the other server returned was:
550 smtp auth requried
Any experience with this? I have seen the problem on a number of threads but have not found a solution.
I partially solved the problem. It only occurred when sending mail to the smtp server from a domain that was hosted on the same server for web but not for email. When I sent email from a domain that had nothing to do with any domains hosted on the same server as the exim instance, then it got through. I still can't send email from the domain that was causing the problem and I would like to, but I can work around it.
So to be clear in case anyone reads this:
domain1 web is hosted on server1
domain1 email is hosted on google's servers
domain2 is hosted on server1 for web and email
exim is running on server1
when I send email from thunderbird via google's server from email#domain1 to and email#domain2 the exim instance asks google's smtp server for authentication even though the mail is being delivered to a mailbox in its list of domains it can deliver to on the same physical server where it is running.
I suspect that it is suspicious of the from address, which it shouldn't be since the mx records indicate that it does not host mail for that domain.
I have configured my DNN mail server to send out mail using our companies Email service provider. I cannot send any emails to external email server.
For ex. My email provider is testx#ttt.com. I can send emails to testy#ttt.com and textz#ttt.com. However i cannot send to testy#gmail.com or testy#hotmail.com
The error i see in the DNN event viewer is as below
System.Net.Mail.SmtpFailedRecipientsException: Unable to send to all recipients.
System.Net.Mail.SmtpFailedRecipientException: Mailbox unavailable.
The server response was: This domain is not hosted here
I have the same email address configured in my outlook and i can send/recieve to any emails like gmail or hotmail. Following are my DNN email settings
It sounds like one or two things might be happening here:
Your SMTP server isn't set up to allow relaying from the IP address of your web server.
You may need to create an SPF (Sender Policy Framework) or TXT record in DNS for your SMTP server's primary domain that allows SMTP traffic from the IP address of the server where your DNN website is hosted. An SPF record may already be in use for your email domain, but generally you'd add something like this to it: v=spf1 a ip4:1.2.3.4 -all, where 1.2.3.4 is the IP address of your web server.
I run a mail server on my web server, it has SMTP authentication enabled and I added my server's IP address to the whitelist, so no password is required to send out emails if they come from within the server. I did this to allow my web applications to use the SMTP service.
My question is can a spammer spoof a packet with my own IP address and bypass the SMTP authentication?
Emails sent from my email server often end up in the recipient's spam folder and I'm trying to figure out why. I send no more than 200 emails per month.
It isn't possible to spoof your address unless the attacker is between you and your server (which is very unlikely - he would have to be an ISP or to be able to overwatch and control your internet traffic). This is because after an attacker sends a connection request to your server, the server sends a packet to you that the attacker needs to have to be able to establish a connection: http://en.wikipedia.org/wiki/TCP_handshake#Connection_establishment
Try to look at the headers of a mail that gets into the spam folder and look for something that says that your servers IP is blacklisted or something like that.