|SMTP Pseudo Server
|Back to Home Page|
SMTP Pseudo Server is a utility program that acts like a Mail Server without actually receiving or sending anything. It was originally designed to feed a DNS Black List server, but it has been modified to simply receive port 25 SMTP connections and reject them. We found this necessary due to continuous bombardment of our DNS server looking for a mail server, and subsequent bombardment of our Web server (A record) with port 25 connection attempts. After implementing this program, DNS activity is about 1/10 of what it was, and port 25 connection attempts have dropped from over 2000 to between 600 and 700 per day. The actual port 25 connection attempts to our Web server prior to operating the Pseudo Server is undocumented, because port 25 traffic was blocked by our router. We only know it was occurring because of Type MX requests followed by Type A requests at the DNS server.
The SMTP Pseudo Server is designed to run as a service. The need to monitor activity and make setting changes in modern Windows environments (Vista and better), necessitated a split architecture design to deal with Session Isolation. So there are actually 2 programs; a windowless program to run as a service in session 0, and another to run as a GUI (Graphic User Interface) program in a different session.
SMTP Pseudo Server is written in VB6, and is being made available in ZIP format. Installation is usually straight forward, using "setup.exe" to install files extracted from "SMTPsvc.cab" as laid out in "setup.lst". It can be installed anywhere the user has authority, but the default location is "\Program Files\SMTPsvc\". Once installed, the SMTPServer.exe program should be run first to store the program settings in the registry. A service cannot access the HKEY_USERS part of the registry, so HKEY_LOCAL_MACHINE had to be used instead. This may necessitate the program to be run as adminstrator.
Once started, SMTPServer will show as being "Offline" and must be setup. Make sure the "Show/Log Data Events" is checked, and the "Accept Mail" is unchecked. It makes no difference to this particular program, but it has the ability to change how the server program works.
1. Click the setup button and the first item is the SMTP Greeting. Again, it doesn't affect how this program runs, but it needs something such as "Welcome!".
2. The next thing it wants is the IP address to monitor. Although the program can be used to remotely monitor the service program, in this case we want to input the IP address of the machine you are currently working on. The IPv6 program supports the loopback addresses 127.0.0.1 and ::1, but the IPv4 version does not. Port 26 is used to monitor the server.
3. Finally, it will want a magic word that allows access. This is done to protect the server from unauthorized access.
Once setup, exit the SMTPServer program and start the SMTPsvc program. Since it is windowless, there is nothing to indicate that it is running. To verify, go to the Command Prompt and enter the command "netstat -an". Both ports 25 and 26 should be in the listening mode. Since there is no interface, you will have to use the Task Manager to shut down the program.
Now you will want to install the server part of the program as a service. This done by starting the SMTPsvc.exe program from the Run button with a /install option.
"C:\Program Files\SMTPsvc\SMTPsvc.exe /install"
Once installed as a service, use the Service Manager (services.msc) to start the program. You will probably want to change the Start Type to Automatic, but that is your option. Now that the service is running, start the SMTPServer monitor program again. This time the program should connect to the service and show its status as being online.
That's rather uninteresting. What we need now is some traffic to monitor. As long as you have the Telnet program enabled, you can use it from the command prompt to provide some test traffic.C:\>telnet 192.168.1.2 25
220 This server does not accept email!06/01/2012 2:41:11 PM -0700
250 Hello me from 192.168.1.2, pleased to meet you.
MAIL FROM: firstname.lastname@example.org
553 Sender email@example.com is Invalid!
Connection to host lost.
What you see on the monitor:
The server disconnected because I took too long and it has an inactivity timeout. After about 30 seconds of no new connections, it closes all connections. The server has been arbitrarily set to support 25 simultaneous connections, with the last connection and it's current status shown for each socket. That should be more than enough unless there is a problem. One such problem was encountered recently with an "AUTH LOGIN" request. Even though the server advertises that it is not supported, it did not stop some hacker from attempting many such connections. The server was modified to respond that it was an unsupported command rather than just ignoring it, and that seems to have solved the problem.
The captured data is also logged to file. Those files are stored in the "C:\Program Files\SMTPsvc\logs\" directory by date. You can examine the log files using a text editor such as NotePad.
Note: The original IPv4 only version utilizes the Winsock Clone ActiveX Control SocketMaster.ocx by Emiliano Scavuzzo. The IPv6 version utilizes my own ActiveX Control called cSocket.ocx, which is based on SocketMaster.ocx. The IPv6 version software supports both IPv4 and IPv6, but only works on Windows Vista or better systems. The IPv6 version also has the ability to verify the IP address entered on setup. This is due to a new Winsock API function available in recent Windows operating systems called "getaddrinfo", that was designed to handle the larger IPv6 addresses.
Source code is available on request.
| Home Page