
RE: [Asrg] Spammer proxies using legitimate mail relays

2005-02-16 06:28:15



On Wed, 16 Feb 2005, Larry Seltzer wrote:

> HKEY_CURRENT_USER -> Software -> Microsoft -> Internet Mail and News -> Mail: DefaultSMTPServer

This is not a standard value in Windows. It may be common, but you can't
rely on it. I've just tested 3 systems and found it on none. 

Windows, Outlook, Outlook Express and other mail clients change the
location of their server values even from version to version. This is
far from an insurmountable obstacle, but it makes the job non-trivial.
In all likelihood the encoding in the registry for the passwords changes
from version to version. Outlook 2003 doesn't store even the SMTP server
in plain text or an obvious location anymore.

But it can be done. See Passware (http://www.lostpassword.com/) for
programs that can crack cached credentials for almost anything, and I've
specifically tested it against SMTP AUTH credentials.


Port 25 on "mail" or "smtp" is a valid smtp relay not requiring any
authentication for more than half of ISPs. The Windows resolver will fill
in the domain part of the relay host name. I have seen no claims that any
spamware *at the moment* goes any further than this, although of course as
time goes by it will do whatever is necessary.

I do hope that ISPs don't get the idea the way to fight this is to obscure
the MTA name.



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
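Added example, not from this thread or from any poster on it: the reply argues that obscuring the MTA name is the wrong fix. An ISP that instead locks relaying to authenticated sessions will see the spamware described above fail loudly, and the refusals it generates point straight at the infected customer hosts. The script assumes Postfix smtpd log lines (a real format the thread does not mention) and a hypothetical reporting threshold; the sample log is constructed.

```python
"""Spot customer hosts that repeatedly try to relay through an ISP MTA without
authenticating. Added example for this thread, not code from the mailing list
or from any poster. It assumes Postfix smtpd log lines (a real format) and a
hypothetical reporting threshold; the sample log below is constructed."""
import re
from collections import defaultdict

# Postfix logs a refused relay attempt like this once its relay restrictions
# reject the RCPT command from an unauthenticated, non-local client.
RELAY_DENIED = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[\d.]+)\]: "
    r"554 5\.7\.1 <(?P<rcpt>[^>]*)>: Relay access denied; from=<(?P<sender>[^>]*)>"
)

# Constructed sample: 10.0.0.5 behaves like the spamware in the thread (many
# recipients, a different forged sender each time), 10.0.0.9 is a one-off
# misconfigured client, and 10.0.0.7 is a legitimate authenticated user.
SAMPLE_LOG = """\
Feb 16 06:28:15 mx1 postfix/smtpd[4201]: NOQUEUE: reject: RCPT from unknown[10.0.0.5]: 554 5.7.1 <a@example.net>: Relay access denied; from=<bob@example.org> to=<a@example.net> proto=ESMTP helo=<pc>
Feb 16 06:28:16 mx1 postfix/smtpd[4201]: NOQUEUE: reject: RCPT from unknown[10.0.0.5]: 554 5.7.1 <b@example.net>: Relay access denied; from=<carol@example.org> to=<b@example.net> proto=ESMTP helo=<pc>
Feb 16 06:28:16 mx1 postfix/smtpd[4201]: NOQUEUE: reject: RCPT from unknown[10.0.0.5]: 554 5.7.1 <c@example.com>: Relay access denied; from=<dave@example.org> to=<c@example.com> proto=ESMTP helo=<pc>
Feb 16 06:28:17 mx1 postfix/smtpd[4203]: NOQUEUE: reject: RCPT from unknown[10.0.0.5]: 554 5.7.1 <d@example.com>: Relay access denied; from=<erin@example.org> to=<d@example.com> proto=ESMTP helo=<pc>
Feb 16 06:28:17 mx1 postfix/smtpd[4203]: NOQUEUE: reject: RCPT from unknown[10.0.0.5]: 554 5.7.1 <e@example.com>: Relay access denied; from=<frank@example.org> to=<e@example.com> proto=ESMTP helo=<pc>
Feb 16 06:29:02 mx1 postfix/smtpd[4204]: NOQUEUE: reject: RCPT from cust9.isp.example[10.0.0.9]: 554 5.7.1 <f@example.net>: Relay access denied; from=<me@isp.example> to=<f@example.net> proto=ESMTP helo=<laptop>
Feb 16 06:30:01 mx1 postfix/smtpd[4205]: 7F3A1B2C9D: client=cust7.isp.example[10.0.0.7], sasl_method=PLAIN, sasl_username=alice
"""


def summarize_relay_denials(log_text):
    """Return {ip: {"attempts", "recipients", "senders"}} for every client
    that was refused relaying. Lines that are not relay refusals are skipped."""
    stats = defaultdict(lambda: {"attempts": 0, "recipients": set(), "senders": set()})
    for line in log_text.splitlines():
        m = RELAY_DENIED.search(line)
        if not m:
            continue  # authenticated deliveries and other log lines are irrelevant here
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["recipients"].add(m.group("rcpt"))
        entry["senders"].add(m.group("sender"))
    return dict(stats)


def flag_hosts(log_text, threshold=5):
    """Return (ip, attempts, distinct_senders) for clients at or above the
    threshold, worst first. Many distinct envelope senders from one client is
    a strong hint the host is infected rather than merely misconfigured."""
    stats = summarize_relay_denials(log_text)
    flagged = [(ip, s["attempts"], len(s["senders"]))
               for ip, s in stats.items() if s["attempts"] >= threshold]
    return sorted(flagged, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for ip, attempts, senders in flag_hosts(SAMPLE_LOG):
        print(f"{ip}: {attempts} relay attempts refused, {senders} distinct senders")
```

Run it as-is to see the constructed sample scored; on a real mail server feed it the smtpd lines from the mail log and tune the threshold to the normal rate of one-off client misconfigurations.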