Setting up your own mailserver

posted on September 17, 2000
by hitbsecnews

By: madirish

Ok, well being that this is a "hacking" publication I thought I'd write about my latest hack. Well, it's a hack in the old-school sense of the word, not a crack.

Have you ever wondered how much money spammers make? Do some online research, it's phenomenal what you have to pay someone to get them to send unsolicited e-mail for you. The reason I pose this question is because I've recently gotten into the spam business. Now, before you scream bloody murder and curse me let me explain. I work for the US government and I spam "bad-guys" in Southeastern Europe (basically the Balkans). Now the mail is unsolicited (by a strict definition spam) but doesn't sell anything, it's mostly propaganda (if you're reading this from Kosovo, yes, that's me sending you that sh*t, I'm the American pigdog). Ok, so about a month ago my client comes to me and says they want to send out about 23,000 of these unsolicited mails. Well, you can imagine what our ISP had to say about using their mail servers for that. So here's my dilemma: I have to come up with a way to send 23,000 e-mails 2-3 times a week (meaning it can't take more than a day to send them, and I can't tie up an entire computer doing it) to various people in Europe and I can't use an ISP's mail account because it's spam. Not only that, but my budget is $0.

The solution I figured out was pretty simple. Actually I did manage to get a budget, but I kept the cost under $400.

First step was figuring out how to send the mail myself. Now, if you have an NT server with Back Office 4.5 you can configure the IIS to send out mail. All you need to do is go to the IIS manager and select the mail icon, configure it however you want and away you go. I do think, however, that NT has some sort of a limit on the amount of mail it will relay in a given time, so watch out for that.

I chose to use Linux Mandrake for my solution. I found a cheap refurbished P200 to serve as our mail server. I managed to order one for about $300 (no peripherals or operating system). After installing Mandrake 7.1 the rest was a cinch (well the install was a cinch too, Mandrake is so easy any AOL user could install it, simply put in the boot disk and follow the directions, the automated installer will do EVERYTHING for you). I chopped out the fetchmail and postfix mail programs that were installed standard (use Mandrake's RPM manager for the uninstall and it'll even check for dependencies for you) and set up the old workhorse - sendmail. You can download sendmail free from Sendmail.org, and the instructions for installation can also be found on that site. Once I had the program installed I used DrakConfig to alter sendmail's configuration (under the 'networking' setup button, but you can do this by hand as well). Basically I set up the server to allow relay from my IP and from my user name. You need to do this because the server itself wasn't originating the e-mail, and since the server isn't connected to any specific domain (it only sends the mail, it can't receive or manage mail since its only identifier is localhost.localdomain). Because of some new RFCs there are all sorts of spam controllers in the latest version of sendmail. In order to find all the restrictions you can browse /etc/sendmail.cf and find all the instances of "relay" (pico sendmail.cf then Ctrl-W "relay" to find these, or whatever text editing tool you use, those will lead you to all the relevant lines of code). Basically sendmail maintains a few databases of names, IP addresses, and aliases that it will check against in screening messages for relay. You can either disable all of these features, or add yourself to all the lists. I chose to add myself since I didn't want any mail recipients savvy enough to decrypt a mail header to be using my poor P200 for their own spam (it's stressed to the max as it is).

Next I found a program to manage the mailing lists from my desktop (win98). Now, to be completely honest, as much as I hate it, I use Excel to manage the list itself. You can find tons of mass mailing programs out there, most of which will even spoof the mail for you without the benefit of a mail server. I originally chose Stealth Pro, but I'm using Emerge now. Stealth costs $99, and Emerge costs $999. Both are good, relative to their costs. Setting up the mail server is the tough part, managing and sending to the lists is easy. All you have to do is compile a tab delimited text file of the recipient addresses and make sure to configure the mail managing program so that it knows your mail server is IP whatever-it-is. Then away you go. With Emerge I can mail about 23,000 e-mails in under 20 minutes. If you've ever looked at how much a service to do this would cost you can imagine the profit possibilities of bootlegging this service (but no, I keep my work semi-honorable by only spamming for Uncle Sam).

The only problem I've found with this setup is that sendmail seems to suffer from some sort of queue overflow when you send it more than about 1500 messages to relay in under 3 minutes. The program seems to relay just fine, and instantaneously if you keep the numbers below that, but God forbid you should overtax the system. I've found that if you send too many mails to the program it files them away somewhere (and only the Unix god knows where) and slowly tries to send each one manually, about 1 every 5 minutes or so. You can imagine how this would slow a system if you overflowed sendmail with 20,000 messages. I've found that to mail to the large lists, I have to break it into smaller lists of around 1,000 recipients and mail each 1,000 separately.

Using this solution, the only mail servers I'm clogging are my own, and the recipients to some extent (but not really). Thus I'm only using my ISP's bandwidth, not their mail servers, and can't really get axed from my account. The only potential problem with this setup is getting blacklisted by MAPS (Mail Abuse Prevention System). They maintain a real-time database of known spammers and many companies and ISPs use their database to filter incoming mail (basically incoming mail headers can be compared to a DB and correlations can be sent to /dev/null). MAPS, however, only operates on IP address, not by sender address, etc. So, being a net admin, if I ever find myself in MAPS RBL (Realtime Blackhole List) I can just reassign the mail server another IP address.
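The receiving side of that header-versus-database comparison, as an added example that is not part of the original article: it pulls relay IPs out of `Received` headers and builds the reversed-octet DNS name a blackhole list is queried with. The zone `dnsbl.example`, the sample message and the in-memory resolver are constructed stand-ins; a real filter would issue an A-record lookup instead.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; all addresses come from documentation ranges.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP; Sun, 17 Sep 2000 10:00:02 +0000
Received: from localhost.localdomain (unknown [203.0.113.25])
\tby mx.recipient.example with SMTP; Sun, 17 Sep 2000 10:00:01 +0000
From: someone@sender.example
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers

def relay_ips(raw_message):
    """Bracketed IPv4 addresses from Received headers, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        for candidate in BRACKETED_IP.findall(header):
            try:
                ips.append(str(ipaddress.IPv4Address(candidate)))
            except ipaddress.AddressValueError:
                continue  # out-of-range octets such as [999.1.1.1]
    return ips

def dnsbl_query_name(ip, zone):
    """203.0.113.25 in zone dnsbl.example -> 25.113.0.203.dnsbl.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed_relays(raw_message, zone, resolve):
    """resolve(name) returns an A record as a string, or None for NXDOMAIN."""
    hits = []
    for ip in relay_ips(raw_message):
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is not None and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            hits.append(ip)
    return hits

# Constructed stand-in for the list's DNS zone (assumption, not real data).
FAKE_ZONE = {"25.113.0.203.dnsbl.example": "127.0.0.2"}

if __name__ == "__main__":
    print(listed_relays(SAMPLE, "dnsbl.example", FAKE_ZONE.get))
```

Only the `Received` line stamped by your own server is trustworthy; hops further down the header can be forged by the sender, so filters normally key on the connecting IP.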

The other concern you may have doing this is that your IP is going to show up all over headers of mails you're sending. Since the mails are spoofed you can easily mask your sender address and respond to address, but your IP is going to show up (either the IP of the mail management program's computer or the IP of the mail server). So be sure to run your own security audits before doing this. Immediately after I sent out my first round of mailings for the client my logs started lighting up like a Christmas tree with scans from all over the world. Spam doesn't seem to make people too happy for some reason.

Even if you don't send mass spamming, installing and configuring sendmail allows you to spoof mails from your own system. No more searching for an insecure SMTP server when you want to send some mail from "bill.gatus@microsoft.com", you can use your own service. Just be sure not to use any of this for anything evil :) And remember, if you spam people, they WILL try and find you and screw your network. Enjoy.

1.) Interview with Hacker (the anti-MPAA web defacer - madirish

2.) Dreamcast Hacking - 101bytz

3.) Setting Up Your Own Mail Server - madirish

4.) A look at DNS (part 1) - L33tdawg

5.) PC Be With You - Joel Garreau
