
*START RANT*

Why is it that organizations are still struggling to secure their mail infrastructure? It baffles me that organizations will spend so much money on email spam filters and outsourced SMTP gateway providers, and make such an effort to use encrypted protocols for client-side transactions, and then still allow any IP on the internal network to talk directly to the production SMTP service with no restrictions at all.

Considering that 70-80 percent of major security breaches come from inside the organization (according to Forrester and the FBI/CSI survey), you'd think there would be more of a push to quarantine some of these rudimentary services. I can certainly understand if you have alerting software that can't send via any protocol other than SMTP, but you can pretty easily whitelist those systems. You could even set up a VBS script that queries LDAP for those hosts and only allows them to send unauthenticated messages.

*END RANT*

Well, I had some time last weekend and thought it would be fun to write a little Perl script (see my projects page for the download) that goes out and sends email to the world using a list of your internal SMTP servers. Just run an Nmap (4.75 just came out!) scan for TCP port 25 across all your ranges (with permission from IS security, of course), take the systems running SMTP, add them to the script, customize the email addresses and run it. You'll then know which systems aren't properly restricting access, and maybe you'll do something to fix it and save me another rant :).
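Here is an added Python version of the same check; it is not the Perl script from this post. It takes the hosts your port-25 scan turned up (something like `nmap -p 25 --open 10.0.0.0/24`) and, from an ordinary unauthenticated session, asks each one to relay to an address in a domain it is not responsible for. It stops after RCPT TO and closes with QUIT, so unlike the Perl script it never actually delivers a message; a 250 to that RCPT is the answer you came for. The host list, the probe addresses, and the small fake SMTP listener at the bottom (there so the example runs offline) are all constructed for the example.

```python
"""Probe SMTP servers for unauthenticated relay from the current host.

Added example, not the Perl script from the original post. The session stops
after RCPT TO so nothing is queued; a server that only refuses at DATA time
will still show as accepted here, so treat the result as a starting point.
"""
import smtplib
import socketserver
import threading

# Constructed placeholder list; replace with the hosts nmap found listening on 25.
SMTP_HOSTS = ["10.0.0.25", "10.0.0.26"]

# Constructed addresses in a domain the servers are not responsible for, so
# accepting RCPT means the server is willing to relay for anyone on the LAN.
PROBE_FROM = "probe@external.example"
PROBE_RCPT = "you@external.example"


def probe_relay(host, port=25, mail_from=PROBE_FROM, rcpt_to=PROBE_RCPT, timeout=10):
    """Return 'relay-accepted', 'relay-rejected' or 'unreachable' for one server."""
    try:
        # local_hostname avoids a getfqdn() lookup; the session is deliberately unauthenticated
        with smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            code, _ = smtp.mail(mail_from)
            if code != 250:
                return "relay-rejected"
            code, _ = smtp.rcpt(rcpt_to)
            # leaving the 'with' block sends QUIT, so DATA is never reached
            return "relay-accepted" if code in (250, 251) else "relay-rejected"
    except (OSError, smtplib.SMTPException):
        return "unreachable"


def probe_hosts(hosts, port=25, **kwargs):
    """Probe every host in the list and return {host: result}."""
    return {host: probe_relay(host, port, **kwargs) for host in hosts}


class _FakeSMTPHandler(socketserver.StreamRequestHandler):
    """Tiny scripted SMTP responder so the example runs offline (constructed, not
    a real MTA). It accepts or refuses RCPT based on server.accept_relay."""

    def _reply(self, text):
        self.wfile.write(text.encode() + b"\r\n")

    def handle(self):
        self._reply("220 mta.internal.example ESMTP")
        while True:
            line = self.rfile.readline()
            if not line:
                return
            verb = line.split(b" ", 1)[0].strip().upper()  # smtplib sends lowercase verbs
            if verb in (b"EHLO", b"HELO"):
                self._reply("250 mta.internal.example")
            elif verb == b"MAIL":
                self._reply("250 2.1.0 Ok")
            elif verb == b"RCPT":
                if self.server.accept_relay:
                    self._reply("250 2.1.5 Ok")  # unrestricted: relays for any internal IP
                else:
                    self._reply("554 5.7.1 Relay access denied")  # whitelisted senders only
            elif verb == b"QUIT":
                self._reply("221 2.0.0 Bye")
                return
            else:
                self._reply("502 5.5.2 Command not implemented")


def start_fake_smtp(accept_relay):
    """Start a throwaway listener on 127.0.0.1 and return (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeSMTPHandler)
    server.daemon_threads = True
    server.accept_relay = accept_relay
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    # Demo against two local fakes standing in for an unrestricted and a restricted server.
    for accept in (True, False):
        server, port = start_fake_smtp(accept)
        print(f"127.0.0.1:{port} accept_relay={accept}: {probe_relay('127.0.0.1', port)}")
        server.shutdown()
        server.server_close()
    # Against your real scan results:
    # for host, result in probe_hosts(SMTP_HOSTS).items(): print(host, result)
```

Run it from a workstation on the internal network, since the point is what an arbitrary internal IP can do; running it from a whitelisted monitoring box would tell you nothing. Anything reporting `relay-accepted` is a server that will take mail from any internal host without authentication and is a candidate for the whitelist treatment described above.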