KFSensor

 

Edit Sim Std Server - SMTP

Use the Edit Sim Std Server - SMTP dialog box to add or edit an SMTP definition.

You will find a description of what Sim Std Servers are here.

SMTP stands for Simple Mail Transfer Protocol.
An SMTP server is used to accept incoming email messages.
This Sim Std Server emulates the SMTP protocol fully.
It also has the ability to forward emails it receives. This ability is turned off by default.

It is important that you set the Domain Name in the Scenario as this plays a crucial role in SMTP.

Title

  • Name
    Each Sim Std Server requires a unique name, which is used to identify it.
  • Description
    A piece of text for notes on what the Sim Std Server aims to support.
  • Default Port
    Most services have standard ports on which visitors expect to find them.
    The default port for SMTP is 25.
    This is only used as a prompt during configuration of a Listen; a Sim Std Server can be set on any or many different ports.
  • Severity
    The severity level that events generated by this Sim Std Server will be given. This can be overridden as part of the Listen configuration.

Options

These settings control how this Sim Std Server responds to a visitor.
  • Emulation
    The real server that is emulated.
    NB. At present only the Microsoft server is emulated.
  • Require Authorization
    If this option is checked, the visitor will receive a "Client was not authenticated" error message if they attempt to send an email.
    The visitor can attempt to log in, but their credentials will always be rejected.

    If the option is unchecked then the SMTP Server will appear to offer the visitor anonymous access.
  • Allow Relay
    If this option is checked then the SMTP Server will allow the visitor to relay mail messages.
    This means the SMTP Server will accept messages destined for another domain and agrees to forward them on.
    An unprotected relay server is the ideal target for spammers, who can use it to send emails and hide the true origin of the email.

    If the option is unchecked then the SMTP Server will reject any emails not sent to its own domain.
    Most people configure their SMTP servers not to allow relay, to prevent spam attacks.
  • Allow Real Relay
    This option will enable certain emails received by the sim server to be forwarded to their intended destination. For this option to take full effect, the Proxy Rules must also be enabled.
  • Version
    When a visitor first connects to an SMTP server they are sent a banner containing information about the server. Part of this is a version number. Setting this value allows you to control the version number that is returned to the visitor. Leave blank to use KFSensor's default SMTP version number.
  • Time out
    The time in seconds that the KFSensor server will allow the session to continue before closing the connection.
  • Idle Time out
    The time in seconds that the KFSensor server will wait for traffic on a connection before closing the connection.
  • Session Limit
    The maximum number of bytes that will be accepted from the visitor before the connection is closed.

Example Attack

The following is a real-life example of an attack on an SMTP Sim Std Server.
The visitor sent commands to send an email to himself in order to test that the server was working.
Lines that start with ">>>>" are responses sent to the visitor by the Sim Server.

>>>>220 keyfocus.info Microsoft ESMTP MAIL Service, Version: 6.0.2600.1106 ready at Sat, 22 Feb 2003 17:23:32 +0000
ehlo qw
>>>>250-keyfocus.info Hello [211.38.166.209]
>>>>250-TURN
>>>>250-SIZE 2097152
>>>>250-ETRN
>>>>250-PIPELINING
>>>>250-DSN
>>>>250-ENHANCEDSTATUSCODES
>>>>250-8bitmime
>>>>250-BINARYMIME
>>>>250-CHUNKING
>>>>250-VRFY
>>>>250 OK
Rset
>>>>250 2.0.0 Resetting
Mail from:<china9988@21cn.com>
>>>>250 2.1.0 china9988@21cn.com....Sender OK
RCPT to:<china9988@21cn.com>
>>>>250 china9988@21cn.com....Sender OK
Data
>>>>354 Start mail input; end with <CRLF>.CRLF
From: china9988@21cn.com
Subject: 217.39.122.38
To: china9988@21cn.com
Date: Sun, 23 Feb 2003 02:24:00 +0900
X-Priority: 3
X-Library: Indy 8.0.25

t_Smtp.LocalIP
.
>>>>250 2.6.0 <KEYFOCUSLvx4efKx00008432@keyfocus.info> Queued mail for delivery
Quit
>>>>250 2.0.0 OK
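
Added example (not part of the KFSensor manual or product): a Python function that reads a session in the log format above and flags the traits of the relay test seen in it: a recipient outside the honeypot's own domain, a message addressed to the sender's own mailbox, and an IPv4 address in the Subject header. The function name, the `local_domain` parameter (standing in for the Scenario's Domain Name) and the sample session are assumptions constructed for illustration.

```python
import re

# Constructed session in the log format shown above: ">>>>" marks a honeypot
# response, every other line is visitor input. All addresses are placeholders.
SAMPLE_SESSION = """\
>>>>220 honeypot.example Microsoft ESMTP MAIL Service ready
Mail from:<probe@mailbox.example>
>>>>250 2.1.0 probe@mailbox.example....Sender OK
RCPT to:<probe@mailbox.example>
>>>>250 probe@mailbox.example....Sender OK
Data
>>>>354 Start mail input
From: probe@mailbox.example
Subject: 192.0.2.10

test
.
>>>>250 2.6.0 Queued mail for delivery
"""

ADDR = re.compile(r"^\s*(mail from|rcpt to):\s*<([^>]*)>", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def analyse_session(log_text, local_domain):
    """Return relay-probe indicators for one logged SMTP session."""
    sender, rcpts, subject = None, [], None
    in_data = in_headers = False
    for line in log_text.splitlines():
        if line.startswith(">>>>"):
            # A 354 reply opens the message body; any other reply closes it.
            in_data = in_headers = line[4:].startswith("354")
            continue
        if in_data:
            if not line.strip():
                in_headers = False          # blank line ends the header block
            elif in_headers and line.lower().startswith("subject:"):
                subject = line.split(":", 1)[1].strip()
            continue
        m = ADDR.match(line)
        if m and m.group(1).lower() == "mail from":
            sender = m.group(2).lower()
        elif m:
            rcpts.append(m.group(2).lower())
    suffix = "@" + local_domain.lower()
    return {
        "relay_attempt": any(not r.endswith(suffix) for r in rcpts),
        "self_addressed": sender is not None and sender in rcpts,
        "subject_has_ip": bool(subject and IPV4.search(subject)),
    }
```

Sessions where all three indicators are set are worth reviewing before Allow Real Relay is enabled, since a forwarded test message tells the sender that relaying works.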
