Recently a friend ask me how does he knows if his mail server is vulnerable to impersonation or relay attacks. (SPAM, Phishing, etc)
First we have to think why these attacks happen. For one thing there is no authentication/authorization on the SMTP connections between servers and mostly misconfiguration. Sometime we think we did all there is to do when configuring our serves an sometime we trust what vendors say (are we suppose to?), but that the way to tragedy in security.
Continue reading Testing your mail server for impersonation or relay attacks.