HELO microsoft.com

We get this:

250 mailgw1.netvision.net.il Hello some.hostname.crap.com [62.0.146.225], pleased to meet you

The rest is exactly like the last time (sender, rcpt to, etc.). Now let's see what victim@victim.com would have gotten.

Aha! No X-Authentication-Warning!

Final notes
-----------

I hope you enjoyed this chapter. Now you've learnt how to play harmless and legal tricks on your friends, how to track down fake mails and how easy it is to catch you if you're trying to do illegal stuff.

Oh, and by the way, there is a way to hide your IP/hostname when faking mail... for more information, read the second section in the 'Okay, so I can hack a host which runs Sendmail. How do I do it?' chapter.

Hack the server? Through Sendmail?!
===================================

Yeah, sure, why not? I mean, EVERY service(3) is vulnerable to some attacks. That's why it is recommended to run as few services as possible on your computer.

But the most vulnerable one is Sendmail (this is why it is called 'the buggiest daemon on Earth' or 'the buggiest daemon on the planet'). A member of the mailing list once told me that he just can't wait to read the Sendmail Tutorial (this was before this tutorial had been released) and that he himself runs Sendmail on his computer. Running Sendmail on a personal computer is unnecessary and dangerous. If your computer does not act as a mail server, there is no reason for you to run Sendmail (unless you want people to be able to send mail to your-account@your.IP.address instead of your-account@your.ISP.com).

Note about your-account: in the first address, your-account is your username on your own computer (Unix users should know what I am talking about). In the second address, your-account is your username at your ISP.

Note: the information in this chapter can be used either to hack servers or, the other way around, to protect your server. Please don't break the law, or at least don't spew out my name d...