  1. #1
    Join Date
    Feb 2006
    Location
    India
    Posts
    858

    Email interception

    Is there any way you can prevent both your incoming and outgoing emails from being intercepted or read by an unauthorized person? Any help would be appreciated.

    Thanks

  2. #2
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    Being as the email protocol itself is all plaintext, there is nothing to really stop anybody there. If you want to protect the contents consider encryption, something like PGP. Then if you are super paranoid you just have to worry about them being able to crack that.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  3. #3
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    I can try encryption for outgoing mails, but what about incoming mails? Also can anyone change the content of incoming mails? I received a system generated email recently which seemed to be modified.

  4. #4
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    You would have to have the client encrypt them. Are you talking about between 2 specific computers? If so you could set up a tunnel or VPN between them.

    Well where are the emails to and from? If you are sending them directly from trusted server A to trusted server B then no. The A should connect directly to B and send it. Between A/B, yes technically it could be snooped. If it was modified there would have to be an intermediate computer as anything else should cause a problem as it's being sent.

    This of course assumes you are not some paranoid conspiracy theorist. Technically no there is nothing that says another server responding on your IP could not receive it then forward it on. This is not really a realistic scenario though...just saying possible.

  5. #5
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    I have a forum which automatically generates emails every time someone signs up. The mails are in a standard format and I get hundreds of messages a month. A few days ago, one of the mails was very different from the standard message.

    And some time ago, I got emails saying that your email id is hacked, and there have been other incidents also.

  6. #6
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    Did you check the logs on the email that was different?

    Check the sending server, timestamps as well (is the time correct?), check incoming server and timestamps. What about the message headers?

    When you say "very different" do you mean like truncated or do you mean like entirely new content put into it?

    Are you 100% sure the software actually sending the emails is not the problem? That sounds a lot more likely than anything else.
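The header and timestamp check suggested in the post above, as an added example that is not part of the original thread. It walks a message's `Received` chain oldest hop first and flags relays outside an expected set and timestamps that run backwards; the sample message, host names and the two-minute skew tolerance are constructed assumptions.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: a forum notification with one unexpected middle hop.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP id C3; Mon, 18 May 2009 10:00:09 +0000
Received: from unknown (unknown [198.51.100.23])
\tby relay.example.net with SMTP id B2; Mon, 18 May 2009 09:41:00 +0000
Received: from localhost (localhost [127.0.0.1])
\tby forum.example.org with ESMTP id A1; Mon, 18 May 2009 10:00:01 +0000
From: forum@example.org
To: admin@recipient.example
Subject: New user registration

body
"""

def trace_hops(raw):
    """Return [(by_host, from_host, timestamp or None)], oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        info, _, stamp = value.rpartition(";")   # timestamp follows the last ';'
        by = re.search(r"\bby\s+([^\s;]+)", info)
        frm = re.search(r"\bfrom\s+([^\s;]+)", info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                          # missing or malformed date
        hops.append((by and by.group(1), frm and frm.group(1), when))
    return hops[::-1]   # each server prepends its header, so reverse the list

def find_anomalies(hops, expected_hosts, skew=timedelta(minutes=2)):
    """Flag unexpected relays and clocks that run backwards between hops."""
    findings, prev = [], None
    for by, frm, when in hops:
        if by not in expected_hosts:
            findings.append(f"unexpected relay: {by} (received from {frm})")
        if when is None:
            findings.append(f"no parsable timestamp at {by}")
            continue
        if prev and when < prev - skew:
            findings.append(f"clock runs backwards at {by}: {when:%H:%M:%S}")
        prev = when
    return findings

if __name__ == "__main__":
    for line in find_anomalies(trace_hops(SAMPLE), {"forum.example.org", "mx.recipient.example"}):
        print(line)
```

Only `Received` lines added by servers you control are trustworthy; anything below the first of those can be written by whoever submitted the message, so compare the result against the sending and receiving servers' own mail logs.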

  7. #7
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    The notification was a standard phpBB notification, the mail had some new content added to it. I'll check the time stamps and headers again, but the sending server seemed to be OK.

    I am also facing a problem of truncated emails on some email ids, is there anything I can do about it?

  8. #8
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    On the truncated emails I would make sure that there are no errors when they are being sent. That sounds like they may be in the process of sending and get stopped 1/2 way through.

  9. #9
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    748
    By virtue of the RFC (822/821) email sending/receiving is not encrypted. It can be read by unauthorized people. The only way is encrypting it.
    "I drink too much. The last time I gave a urine sample it had an olive in it."
    Rodney Dangerfield (from "I Get No Respect!").

  10. #10
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Thanks for the inputs. I have checked the headers, there is nothing unusual. Seems to be an expert hacker at work. Can you take legal action? I have lost money because of this problem.

  11. #11
    Join Date
    Nov 2005
    Location
    Denver, CO
    Posts
    728
    Are you sure phpBB hasn't been compromised? Wouldn't be the first time it or one of its mods has been an attack vector. Something injected/modified would easily affect templates or the behavior of scripts.

    While intercepting emails is a rather trivial task if you have access to the path between two endpoints, it's not overly common (broadband networks like cable/wireless where all clients are on a common segment are an exception). In the data center space however, not so much so.
    Last edited by CiscoMike; 05-18-2009 at 10:03 PM.

  12. #12
    Join Date
    Oct 2005
    Posts
    517
    Start with a thorough review of your server. Configserver.com's anti-hacker service is worth a try:
    http://www.configserver.com/cp/exploit.html

  13. #13
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Originally posted by CiscoMike:

    While intercepting emails is a rather trivial task if you have access to the path between two endpoints, it's not overly common (broadband networks like cable/wireless where all clients are on a common segment are an exception). In the data center space however, not so much so.
    I think it is a problem with the broadband networks I use. Is there anything I can do about it?

  14. #14
    Join Date
    Dec 2002
    Posts
    53
    1) Use an SSL certificate to send email to your host.
    2) Encrypt your email to the recipient, but they have to be able to decrypt it.

  15. #15
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Since this problem has been going on for some time, I have minimized the number of emails I send, but I am worried about the mails sent to me. There are many mails which I never receive or the message is modified.
