Security, using Windows Server 2003's built-in smtp
-
Hello folks, I can send an e-mail from my web-server like so:
SmtpClient mailClient = new SmtpClient(); mailClient.Send(some defined mail);I'm however unsure as to the security in this. If someone should gain access to the machine, and it's set up to allow the above, wouldn't this mean the attacker would be able to use the server as a spam-bot? Many, many thanks for your input (and possible a great link explaining the reasoning behind it), Morten
-
Hello folks, I can send an e-mail from my web-server like so:
SmtpClient mailClient = new SmtpClient(); mailClient.Send(some defined mail);I'm however unsure as to the security in this. If someone should gain access to the machine, and it's set up to allow the above, wouldn't this mean the attacker would be able to use the server as a spam-bot? Many, many thanks for your input (and possible a great link explaining the reasoning behind it), Morten
harleydk wrote:
allow the above, wouldn't this mean the attacker would be able to use the server as a spam-bot?
All the code you showed is doing is sending an email using the smtpclient, it doesn't expose anything. The SMPT server itself must be configured properly. SMTP Server Setup (IIS 6.0)[^]
only two letters away from being an asset
-
Hello folks, I can send an e-mail from my web-server like so:
SmtpClient mailClient = new SmtpClient(); mailClient.Send(some defined mail);I'm however unsure as to the security in this. If someone should gain access to the machine, and it's set up to allow the above, wouldn't this mean the attacker would be able to use the server as a spam-bot? Many, many thanks for your input (and possible a great link explaining the reasoning behind it), Morten
Are the two machines on the same domain? If so you will automatically have extra permissions locally.