Interesting technique for a Spear Phish attack

I recall a couple of years ago I was toying around with SMTP, and more in particular Exchange and Lotus Domino. I noticed that even when the server is configured to not act as a relay, it still delivers internal messages, that is to anyone on any of the domains it is configured for – WITHOUT authentication and by using telnet and the SMTP commands.

I am assuming the reason for this is because you are actually sending an email from the SMTP server itself, not from a user account.

(And before I go on, I haven’t tried this for years, and I only tested a few different servers, so would love if you guys tested your own servers and let me know if it is still relevant)
Continue reading