Email sent to random person as BCC when invalid TO field specified

mfields
New user
Posts: 6
Joined: 2016-05-06 14:56

Email sent to random person as BCC when invalid TO field specified

Post by mfields » 2019-06-17 17:01

Hello

Dealing with a possible bug in hMailServer which we believe has caused an email to be sent to a recipient which wasn't intended and looking for some guidance. Haven't attempted to reproduce yet and suspect it could be hard to do.

An email was sent from our application using CDO.Message.
To: legitimate-recipient1@foo.com; legitimate-recipient2@foo.com; legitimate-recipient3@foo.com : legitimate-recipient4@foo.com
From: noreply@company.com

Note that there was a typo in the To field, where a colon was used instead of a semi-colon. What resulted in hMailServer was an email sent to legitimate-recipient1@foo.com, legitimate-recipient2@foo.com and a different email address which wasn't contained in the To field. I see that the different email address the message was sent to was one which had previously been emailed in another session prior (but not immediately prior) to the email in question. Logs are as follows:

Code: Select all

"SMTPD"	2264	1647401	"2019-06-14 12:10:13.001"	"127.0.0.1"	"SENT: 220 servername.company.com ESMTP"
"SMTPD"	2296	1647401	"2019-06-14 12:10:13.002"	"127.0.0.1"	"RECEIVED: HELO SERVERNAMEHERE"
"SMTPD"	2296	1647401	"2019-06-14 12:10:13.003"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.004"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@company.com>"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.016"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.017"	"127.0.0.1"	"RECEIVED: RCPT TO: <legitimate-recipient1@foo.com>"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.020"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.021"	"127.0.0.1"	"RECEIVED: RCPT TO: <legitimate-recipient2@foo.com>"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.023"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.024"	"127.0.0.1"	"RECEIVED: RCPT TO: <incorrect-recipient@bar.com>"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.026"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.027"	"127.0.0.1"	"RECEIVED: DATA"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.027"	"127.0.0.1"	"SENT: 354 OK, send."
"SMTPD"	1788	1647401	"2019-06-14 12:10:13.034"	"127.0.0.1"	"SENT: 250 Queued (0.000 seconds)"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.035"	"127.0.0.1"	"RECEIVED: QUIT"
"APPLICATION"	2136	"2019-06-14 12:10:13.036"	"SMTPDeliverer - Message 11711007: Delivering message from noreply@company.com to legitimate-recipient1@foo.com, legitimate-recipient2@foo.com, incorrect-recipient@bar.com. File: D:\hMailServer\Data\{D97FF848-4B1D-42AA-82F0-0BB742BB337B}.eml"
"APPLICATION"	2136	"2019-06-14 12:10:18.949"	"SMTPDeliverer - Message 11711007: Message delivery thread completed."
How can we proceed and help identify the root cause?

jimimaseye
Moderator
Posts: 8006
Joined: 2011-09-08 17:48

Re: Email sent to random person as BCC when invalid TO field specified

Post by jimimaseye » 2019-06-17 22:49

I would think it highly unlikely a problem with hMailServer but yes, to determine the root cause, you would need to do a test.

I suspect the issue is still with the 'email client' though. If you look at the log, hMailServer RECEIVED:
"SMTPD" 2308 1647401 "2019-06-14 12:10:13.024" "127.0.0.1" "RECEIVED: RCPT TO: <incorrect-recipient@bar.com>"
It doesn't make that up; "incorrect-recipient@bar.com" is what it was given by CDO.

Of course, under normal circumstances, the cause would be laden entirely on the email client which should have its own email address convention check and parser (separating the addresses out by the delimiter of semi-colon or comma) but as you used CDO there is no such thing...or is there?! (Perhaps you should think about that).

Reproduce the exact test but change and use email addresses to someone or accounts you have access to (so random emails do not get sent out). I don't know for sure how CDO handles incorrect address formatting but I REALLY wouldn't be surprised if it didn't struggle somehow. I do know that hMailServer has a very correct email address format checker built in (as I helped write it with Martin after determining a few flaws in its original form) and should the original parser have tried to pass an incorrect format (such as "legitimate-recipient3@foo.com : legitimate-recipient4@foo.com") then it would not have accepted it.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
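
The client-side recipient check suggested in the post above, as an added example that is not part of the thread and not code from hMailServer or CDO. It is written in Python rather than the application's VBScript; the function names and the strict address pattern are assumptions of the example.

```python
import re

# Deliberately strict address pattern (an assumption of this example, much
# narrower than RFC 5322): dot-atom local part, dotted hostname, ASCII only.
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
PLAIN_ADDR = re.compile(
    _ATOM + r"(?:\." + _ATOM + r")*@" + _LABEL + r"(?:\." + _LABEL + r")+"
)


def check_recipients(raw, delimiters=";,"):
    """Split a To/Cc/Bcc string on the delimiters and classify each entry.

    Returns (good, bad). Empty entries left by a trailing delimiter are ignored.
    """
    entries = [e.strip() for e in re.split("[" + re.escape(delimiters) + "]", raw)]
    entries = [e for e in entries if e]
    good = [e for e in entries if PLAIN_ADDR.fullmatch(e)]
    bad = [e for e in entries if not PLAIN_ADDR.fullmatch(e)]
    return good, bad


def recipients_or_refuse(raw):
    """Fail closed: return the address list only if every entry is valid.

    Dropping just the bad entries would still send a message whose recipient
    list differs from what the caller asked for, so the whole send is refused.
    """
    good, bad = check_recipients(raw)
    if bad or not good:
        raise ValueError("refusing to send, invalid recipient entries: %r" % (bad,))
    return good


# The To value from the first post, colon typo included.
TO_FROM_POST = (
    "legitimate-recipient1@foo.com; legitimate-recipient2@foo.com; "
    "legitimate-recipient3@foo.com : legitimate-recipient4@foo.com"
)

if __name__ == "__main__":
    print(check_recipients(TO_FROM_POST))
    print(recipients_or_refuse(TO_FROM_POST.replace(" : ", "; ")))
```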

mattg
Moderator
Posts: 19878
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Email sent to random person as BCC when invalid TO field specified

Post by mattg » 2019-06-17 23:13

ALSO, can you please include your CDO.message code

I use CDO to send lots of mail (dozens every day for more than 10 years), and have never seen this issue
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

SorenR
Senior user
Posts: 3153
Joined: 2006-08-21 15:38
Location: Denmark

Re: Email sent to random person as BCC when invalid TO field specified

Post by SorenR » 2019-06-17 23:48

mfields wrote:
2019-06-17 17:01
Hello

Dealing with a possible bug in hMailServer which we believe has caused an email to be sent to a recipient which wasn't intended and looking for some guidance. Haven't attempted to reproduce yet and suspect it could be hard to do.

An email was sent from our application using CDO.Message.
To: legitimate-recipient1@foo.com; legitimate-recipient2@foo.com; legitimate-recipient3@foo.com : legitimate-recipient4@foo.com
From: noreply@company.com

Note that there was a typo in the To field, where a colon was used instead of a semi-colon. What resulted in hMailServer was an email sent to legitimate-recipient1@foo.com, legitimate-recipient2@foo.com and a different email address which wasn't contained in the To field. I see that the different email address the message was sent to was one which had previously been emailed in another session prior (but not immediately prior) to the email in question. Logs are as follows:

Code: Select all

"SMTPD"	2264	1647401	"2019-06-14 12:10:13.001"	"127.0.0.1"	"SENT: 220 servername.company.com ESMTP"
"SMTPD"	2296	1647401	"2019-06-14 12:10:13.002"	"127.0.0.1"	"RECEIVED: HELO SERVERNAMEHERE"
"SMTPD"	2296	1647401	"2019-06-14 12:10:13.003"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.004"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@company.com>"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.016"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.017"	"127.0.0.1"	"RECEIVED: RCPT TO: <legitimate-recipient1@foo.com>"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.020"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.021"	"127.0.0.1"	"RECEIVED: RCPT TO: <legitimate-recipient2@foo.com>"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.023"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.024"	"127.0.0.1"	"RECEIVED: RCPT TO: <incorrect-recipient@bar.com>"
"SMTPD"	2308	1647401	"2019-06-14 12:10:13.026"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.027"	"127.0.0.1"	"RECEIVED: DATA"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.027"	"127.0.0.1"	"SENT: 354 OK, send."
"SMTPD"	1788	1647401	"2019-06-14 12:10:13.034"	"127.0.0.1"	"SENT: 250 Queued (0.000 seconds)"
"SMTPD"	2264	1647401	"2019-06-14 12:10:13.035"	"127.0.0.1"	"RECEIVED: QUIT"
"APPLICATION"	2136	"2019-06-14 12:10:13.036"	"SMTPDeliverer - Message 11711007: Delivering message from noreply@company.com to legitimate-recipient1@foo.com, legitimate-recipient2@foo.com, incorrect-recipient@bar.com. File: D:\hMailServer\Data\{D97FF848-4B1D-42AA-82F0-0BB742BB337B}.eml"
"APPLICATION"	2136	"2019-06-14 12:10:18.949"	"SMTPDeliverer - Message 11711007: Message delivery thread completed."
How can we proceed and help identify the root cause?
I believe you just did... You found the ":" that caused a bug in your code.

This:

Code: Select all

"SMTPD"	2308	1647401	"2019-06-14 12:10:13.024"	"127.0.0.1"	"RECEIVED: RCPT TO: <incorrect-recipient@bar.com>"
is proof that hMailServer received wrong information. Each email is handled in a private session and when the mail is sent, the session is destroyed. There is no way hMailServer can "remember" an address from a previous session.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

mfields
New user
Posts: 6
Joined: 2016-05-06 14:56

Re: Email sent to random person as BCC when invalid TO field specified

Post by mfields » 2019-06-19 11:47

I have successfully replicated the issue where data is leaked from one session/thread to another.

I can confirm with 100% certainty that it is not our code. The issue must lie with either CDOSYS or hMailServer.
mattg wrote:
2019-06-17 23:13
I use CDO to send lots of mail (dozens every day for more than 10 years), and have never seen this issue
Since we enabled the AWStats logs in April 2015, we've sent in excess of 50 million emails with the majority via CDO.

As this points to a vulnerability in code, how do you wish to proceed so I can share the details on how to replicate and copies of log files (with personal data removed)?

mattg
Moderator
Posts: 19878
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Email sent to random person as BCC when invalid TO field specified

Post by mattg » 2019-06-19 15:42

Posting here is fine (for de-identified data) or by PM if you don't want to post publicly

If we can replicate - we will raise an issue on GitHub

SorenR
Senior user
Posts: 3153
Joined: 2006-08-21 15:38
Location: Denmark

Re: Email sent to random person as BCC when invalid TO field specified

Post by SorenR » 2019-06-19 16:49

It's quite simple to test...

The client uses ";" to split the string, thus the ":" is regarded as part of the address.

Telnet <your mailserver> 25

Lines NOT prefixed with a number are me typing ...

Code: Select all

220 mx.mydomain.tld ESMTP
EHLO SorenR
250-mx.mydomain.tld
250 SIZE
MAIL FROM:<SorenR@mydomain.tld>
250 OK
RCPT TO:<SorenR@mydomain.tld:Postmaster@mydomain.tld>
550 Unknown user
QUIT
221 goodbye


Connection to host lost.

C:\WINDOWS>
Yes, I tried it with valid users :mrgreen:

Code: Select all

220 mx.mydomain.tld ESMTP
EHLO SorenR
250-mx.mydomain.tld
250 SIZE
MAIL FROM:<SorenR@mydomain.tld>
250 OK
RCPT TO:<postmaster@mydomain.tld>
530 SMTP authentication is required.
QUIT
221 goodbye


Connection to host lost.

C:\WINDOWS>
PS... Some may wonder why my server does not display "250 HELP" after "250 SIZE" ... I rewrote the initial fix by having the code figure out what was needed. The "250 HELP" can be used to identify the server. 8)
SørenR.


mfields
New user
Posts: 6
Joined: 2016-05-06 14:56

Re: Email sent to random person as BCC when invalid TO field specified

Post by mfields » 2019-06-19 17:03

On our production server which has IIS and hMailServer as an outbound SMTP client, I created a new, separate ASP VBScript page from our main application to send an email using CDO where the To field contained a colon separator (see below for the details).
I executed this ASP page every 500ms via a PowerShell script. At no time was the script changed.

Eventually I started to see entries in the log file as follows:

Code: Select all

"SMTPD"	2488	153712	"2019-06-19 10:00:35.220"	"127.0.0.1"	"SENT: 220 servername.company.com ESMTP"
"SMTPD"	2492	153712	"2019-06-19 10:00:35.221"	"127.0.0.1"	"RECEIVED: HELO SERVERNAMEHERE"
"SMTPD"	2492	153712	"2019-06-19 10:00:35.221"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	2476	153712	"2019-06-19 10:00:35.221"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@company.com>"
"SMTPD"	2476	153712	"2019-06-19 10:00:35.223"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2492	153712	"2019-06-19 10:00:35.224"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid1@mypersonaldomain.com>"
"SMTPD"	2492	153712	"2019-06-19 10:00:35.226"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2488	153712	"2019-06-19 10:00:35.226"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid2@mypersonaldomain.com>"
"SMTPD"	2488	153712	"2019-06-19 10:00:35.228"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2492	153712	"2019-06-19 10:00:35.229"	"127.0.0.1"	"RECEIVED: RCPT TO: <î>" 
"SMTPD"	2492	153712	"2019-06-19 10:00:35.229"	"127.0.0.1"	"SENT: 550 A valid address is required."
"SMTPD"	2476	153712	"2019-06-19 10:00:35.230"	"127.0.0.1"	"RECEIVED: QUIT"
"SMTPD"	2476	153712	"2019-06-19 10:00:35.231"	"127.0.0.1"	"SENT: 221 goodbye"
then

Code: Select all

"SMTPD"	2476	157791	"2019-06-19 10:19:53.650"	"127.0.0.1"	"SENT: 220 servername.company.com ESMTP"
"SMTPD"	2504	157791	"2019-06-19 10:19:53.651"	"127.0.0.1"	"RECEIVED: HELO SERVERNAMEHERE"
"SMTPD"	2504	157791	"2019-06-19 10:19:53.651"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	2476	157791	"2019-06-19 10:19:53.652"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@company.com>"
"SMTPD"	2476	157791	"2019-06-19 10:19:53.654"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2504	157791	"2019-06-19 10:19:53.655"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid1@mypersonaldomain.com>"
"SMTPD"	2504	157791	"2019-06-19 10:19:53.659"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2476	157791	"2019-06-19 10:19:53.659"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid2@mypersonaldomain.com>"
"SMTPD"	2476	157791	"2019-06-19 10:19:53.661"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2504	157791	"2019-06-19 10:19:53.662"	"127.0.0.1"	"RECEIVED: RCPT TO: <`®iaW>" 
"SMTPD"	2504	157791	"2019-06-19 10:19:53.663"	"127.0.0.1"	"SENT: 550 A valid address is required."
"SMTPD"	2476	157791	"2019-06-19 10:19:53.663"	"127.0.0.1"	"RECEIVED: QUIT"
"SMTPD"	2476	157791	"2019-06-19 10:19:53.664"	"127.0.0.1"	"SENT: 221 goodbye"
and eventually it also sent the email to an actual customer (who had been sent a legitimate email by our application shortly before):

Code: Select all

"SMTPD"	2492	157512	"2019-06-19 10:19:36.830"	"127.0.0.1"	"SENT: 220 servername.company.com ESMTP"
"SMTPD"	2444	157512	"2019-06-19 10:19:36.831"	"127.0.0.1"	"RECEIVED: HELO SERVERNAMEHERE"
"SMTPD"	2444	157512	"2019-06-19 10:19:36.831"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	2448	157512	"2019-06-19 10:19:36.832"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@company.com>"
"SMTPD"	2448	157512	"2019-06-19 10:19:36.833"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2492	157512	"2019-06-19 10:19:36.834"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid1@mypersonaldomain.com>"
"SMTPD"	2492	157512	"2019-06-19 10:19:36.836"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2444	157512	"2019-06-19 10:19:36.836"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid2@mypersonaldomain.com>"
"SMTPD"	2444	157512	"2019-06-19 10:19:36.838"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2492	157512	"2019-06-19 10:19:36.839"	"127.0.0.1"	"RECEIVED: RCPT TO: <i.surname@arealcustomer.com>"
"SMTPD"	2492	157512	"2019-06-19 10:19:36.841"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2444	157512	"2019-06-19 10:19:36.841"	"127.0.0.1"	"RECEIVED: DATA"
"SMTPD"	2444	157512	"2019-06-19 10:19:36.842"	"127.0.0.1"	"SENT: 354 OK, send."
"SMTPD"	1756	157512	"2019-06-19 10:19:36.846"	"127.0.0.1"	"SENT: 250 Queued (0.000 seconds)"
"SMTPD"	2492	157512	"2019-06-19 10:19:36.847"	"127.0.0.1"	"RECEIVED: QUIT"
"SMTPD"	2492	157512	"2019-06-19 10:19:36.847"	"127.0.0.1"	"SENT: 221 goodbye"
followed by mangled garbage:

Code: Select all

"SMTPD"	2448	157777	"2019-06-19 10:19:52.801"	"127.0.0.1"	"SENT: 220 servername.company.com ESMTP"
"SMTPD"	2504	157777	"2019-06-19 10:19:52.802"	"127.0.0.1"	"RECEIVED: HELO SERVERNAMEHERE"
"SMTPD"	2504	157777	"2019-06-19 10:19:52.802"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	2500	157777	"2019-06-19 10:19:52.803"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@company.com>"
"SMTPD"	2500	157777	"2019-06-19 10:19:52.805"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2448	157777	"2019-06-19 10:19:52.805"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid1@mypersonaldomain.com>"
"SMTPD"	2448	157777	"2019-06-19 10:19:52.807"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2500	157777	"2019-06-19 10:19:52.808"	"127.0.0.1"	"RECEIVED: RCPT TO: <valid2@mypersonaldomain.com>"
"SMTPD"	2500	157777	"2019-06-19 10:19:52.810"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	2448	157777	"2019-06-19 10:19:52.811"	"127.0.0.1"	"RECEIVED: RCPT TO: <i.surnam„¨au
>"
"SMTPD"	2448	157777	"2019-06-19 10:19:52.811"	"127.0.0.1"	"SENT: 550 A valid address is required."
"SMTPD"	2500	157777	"2019-06-19 10:19:52.812"	"127.0.0.1"	"RECEIVED: QUIT"
"SMTPD"	2500	157777	"2019-06-19 10:19:52.813"	"127.0.0.1"	"SENT: 221 goodbye"

To rule out anything on our production servers, I set out to replicate this on a new Azure VM. While I was unable to get it to send an email to an invalid recipient, I was able to get it to say it's received an extra recipient which was not passed from the ASP script using CDO.

I created a new VM in Azure with Windows Server 2016, installed hMailServer and IIS with ASP support.

I added the following ASP file to send an email which sends a simple email to an email address (or addresses) specified in the querystring:

Code: Select all

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%  

Private Sub testEmail(emailto)
    
    Set NewMail = Server.CreateObject("CDO.Message") 
    Set iConf = Server.CreateObject("CDO.Configuration") 
    Set Flds = iConf.Fields 
    
    iConf.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 
    iConf.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "localhost"
    iConf.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 10 
    iConf.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 
    
    iConf.Fields.Update 
    Set NewMail.Configuration = iConf 
    
    Dim NewMail
    NewMail.To = emailto
    NewMail.From = "noreply@ourdomain.com"
    NewMail.Subject = "Test subject"
    NewMail.HTMLBody = "Test body"
    NewMail.Send 
    Set NewMail = Nothing

    Response.Write("Sent email to " & emailto & " at " & Now())

End Sub


Call testEmail(Request.QueryString("emailto"))

%>
Then use a simple PowerShell script to call the page in a loop and execute a couple instances of this script to send a lot of traffic to the page:

Code: Select all

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Do {
$emailswithcolon = @{
    emailto = 'cust1@cust.com;cust2@cust.com;cust3@cust.com: cust4@cust.com'
}
$emailwithoutcolon = @{
    emailto = 'another@customer.com'
}

Invoke-WebRequest -URI "http://azurevmIP/emailtest.asp" -Body $emailswithcolon
Invoke-WebRequest -URI "http://azurevmIP/emailtest.asp" -Body $emailwithoutcolon

sleep 0.5

}
while ($true)
This results in random occurrences in the hMailServer log file of receiving invalid data which should never be possible:

Code: Select all

"SMTPD"	2816	48333	"2019-06-19 14:43:48.450"	"127.0.0.1"	"SENT: 220 hmailservertest ESMTP"
"SMTPD"	2816	48333	"2019-06-19 14:43:48.465"	"127.0.0.1"	"RECEIVED: HELO hmailservertest"
"SMTPD"	2816	48333	"2019-06-19 14:43:48.465"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	2816	48333	"2019-06-19 14:43:48.465"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@ourdomain.com>"
"SMTPD"	2816	48333	"2019-06-19 14:43:48.575"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	1768	48333	"2019-06-19 14:43:48.575"	"127.0.0.1"	"RECEIVED: RCPT TO: <cust1@cust.com>"
"SMTPD"	1768	48333	"2019-06-19 14:43:48.575"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	1768	48333	"2019-06-19 14:43:48.575"	"127.0.0.1"	"RECEIVED: RCPT TO: <cust2@cust.com>"
"SMTPD"	1768	48333	"2019-06-19 14:43:48.590"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	1768	48333	"2019-06-19 14:43:48.590"	"127.0.0.1"	"RECEIVED: RCPT TO: <$>"
"SMTPD"	1768	48333	"2019-06-19 14:43:48.590"	"127.0.0.1"	"SENT: 550 A valid address is required."
"SMTPD"	2816	48333	"2019-06-19 14:43:48.590"	"127.0.0.1"	"RECEIVED: QUIT"
"SMTPD"	2816	48333	"2019-06-19 14:43:48.590"	"127.0.0.1"	"SENT: 221 goodbye"
and with more data such as the following (note I have removed several other sessions which were communicating in amongst the below lines in the log file):

Code: Select all

"SMTPD"	192	59667	"2019-06-19 15:06:49.318"	"127.0.0.1"	"SENT: 220 hmailservertest ESMTP"
"SMTPD"	192	59667	"2019-06-19 15:06:49.318"	"127.0.0.1"	"RECEIVED: HELO hmailservertest"
"SMTPD"	192	59667	"2019-06-19 15:06:49.318"	"127.0.0.1"	"SENT: 250 Hello."
"SMTPD"	192	59667	"2019-06-19 15:06:49.334"	"127.0.0.1"	"RECEIVED: MAIL FROM: <noreply@ourdomain.com>"
"SMTPD"	192	59667	"2019-06-19 15:06:49.350"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	192	59667	"2019-06-19 15:06:49.350"	"127.0.0.1"	"RECEIVED: RCPT TO: <cust1@cust.com>"
"SMTPD"	192	59667	"2019-06-19 15:06:49.365"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	4864	59667	"2019-06-19 15:06:49.365"	"127.0.0.1"	"RECEIVED: RCPT TO: <cust2@cust.com>"
"SMTPD"	4864	59667	"2019-06-19 15:06:49.584"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	4788	59667	"2019-06-19 15:06:49.584"	"127.0.0.1"	"RECEIVED: RCPT TO: <ÈGÃÛþ>"
"SMTPD"	4788	59667	"2019-06-19 15:06:49.584"	"127.0.0.1"	"SENT: 550 A valid address is required."
"SMTPD"	3956	59667	"2019-06-19 15:06:49.600"	"127.0.0.1"	"RECEIVED: QUIT"
"SMTPD"	3956	59667	"2019-06-19 15:06:49.600"	"127.0.0.1"	"SENT: 221 goodbye"
P.S. it's fairly easy to locate such lines in the log file by using a RegEx query (which I use with FileSeek):

Code: Select all

<.{1,13}>
I am fairly convinced there is a leakage of data either with CDO or hMailServer, possibly a buffer overrun or similar.

A copy of the log file is available to download here: https://www.dropbox.com/s/we4290mjy0zds ... 9.log?dl=0

I look forward to your reply.
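
A fuller version of the log search described in the post above, as an added example that is not part of the thread: it groups hMailServer SMTPD lines by session ID, since threads and sessions interleave in the file, and flags every RCPT TO argument that is not a plain address, including garbage that spans a line break. It goes beyond the `<.{1,13}>` search in the post; the sample lines are constructed in the post's log layout, and the function names and address pattern are assumptions.

```python
import re

# hMailServer SMTPD record: "SMTPD" <tab> thread <tab> session <tab>
# "timestamp" <tab> "client ip" <tab> "message" (layout as in the logs above).
RECORD_START = re.compile(r'^"[A-Z]+"\t\d+\t')
SMTPD = re.compile(r'^"SMTPD"\t(\d+)\t(\d+)\t"([^"]*)"\t"([^"]*)"\t"(.*)"\s*$', re.S)
RCPT = re.compile(r"^RECEIVED: RCPT TO:\s*<(.*)>\s*$", re.S | re.I)
# Strict ASCII address shape (assumption of this example, not hMailServer's checker).
PLAIN_ADDR = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def iter_records(text):
    """Yield logical records. A physical line that does not start a new
    record is a continuation, because the garbage can contain a line break."""
    current = None
    for line in text.split("\n"):
        line = line.rstrip("\r")
        if RECORD_START.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += "\n" + line
    if current is not None:
        yield current


def parse_sessions(text):
    """Group SMTPD records by session ID (third field), not by thread ID."""
    sessions = {}
    for rec in iter_records(text):
        m = SMTPD.match(rec)
        if not m:
            continue  # APPLICATION and other record types are skipped
        _thread, session, ts, ip, msg = m.groups()
        s = sessions.setdefault(
            session, {"session": session, "client": ip, "rcpt": [], "queued": False}
        )
        r = RCPT.match(msg)
        if r:
            s["rcpt"].append({"arg": r.group(1), "time": ts, "reply": None})
        elif msg.startswith("SENT: 250 Queued"):
            s["queued"] = True
        elif msg.startswith("SENT: ") and s["rcpt"] and s["rcpt"][-1]["reply"] is None:
            # Assumes no pipelining: the next reply in the session answers the RCPT.
            s["rcpt"][-1]["reply"] = msg[6:9]
    return sessions


def suspicious_sessions(text):
    """Return one finding per session that received a malformed RCPT TO."""
    findings = []
    for s in parse_sessions(text).values():
        bad = [r for r in s["rcpt"] if not PLAIN_ADDR.fullmatch(r["arg"])]
        if bad:
            findings.append({
                "session": s["session"],
                "malformed": [r["arg"] for r in bad],
                "accepted_malformed": [r["arg"] for r in bad if r["reply"] == "250"],
                "queued": s["queued"],
            })
    return findings


def _line(thread, session, ts, msg):
    return '"SMTPD"\t%d\t%d\t"2019-01-01 %s"\t"127.0.0.1"\t"%s"' % (thread, session, ts, msg)


# Constructed sample: session 1001 is clean; 1002 and 1003 are interleaved and
# each carries a garbage recipient (1003's contains an embedded line break).
SAMPLE_LOG = "\n".join([
    _line(10, 1001, "10:00:01.001", "RECEIVED: MAIL FROM: <noreply@example.test>"),
    _line(10, 1001, "10:00:01.002", "SENT: 250 OK"),
    _line(11, 1001, "10:00:01.003", "RECEIVED: RCPT TO: <a@example.test>"),
    _line(11, 1001, "10:00:01.004", "SENT: 250 OK"),
    _line(10, 1001, "10:00:01.005", "RECEIVED: DATA"),
    _line(10, 1001, "10:00:01.006", "SENT: 354 OK, send."),
    _line(12, 1001, "10:00:01.007", "SENT: 250 Queued (0.000 seconds)"),
    _line(10, 1002, "10:00:02.001", "RECEIVED: RCPT TO: <a@example.test>"),
    _line(11, 1003, "10:00:02.002", "RECEIVED: RCPT TO: <b@example.test>"),
    _line(10, 1002, "10:00:02.003", "SENT: 250 OK"),
    _line(11, 1003, "10:00:02.004", "SENT: 250 OK"),
    _line(12, 1002, "10:00:02.005", "RECEIVED: RCPT TO: <\xee>"),
    _line(12, 1002, "10:00:02.006", "SENT: 550 A valid address is required."),
    _line(10, 1003, "10:00:02.007", "RECEIVED: RCPT TO: <c.nam\x84\xa8au\n>"),
    _line(10, 1003, "10:00:02.008", "SENT: 550 A valid address is required."),
    _line(11, 1002, "10:00:02.009", "RECEIVED: QUIT"),
    _line(11, 1003, "10:00:02.010", "RECEIVED: QUIT"),
])

if __name__ == "__main__":
    for finding in suspicious_sessions(SAMPLE_LOG):
        print(finding)
```

A leaked but well-formed address, like the customer address in the third log above, passes this syntax check; finding those needs the application's own record of the recipients it intended for each message.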

SorenR
Senior user
Posts: 3153
Joined: 2006-08-21 15:38
Location: Denmark

Re: Email sent to random person as BCC when invalid TO field specified

Post by SorenR » 2019-06-19 20:37

Why is "Dim NewMail" down the middle of the code?
SørenR.


SorenR
Senior user
Posts: 3153
Joined: 2006-08-21 15:38
Location: Denmark

Re: Email sent to random person as BCC when invalid TO field specified

Post by SorenR » 2019-06-20 03:20

Wireshark trace performed from the client computer. I believe CDO does have a problem!

Code: Select all

No.     Time        Source                Destination           Protocol Info
     32 10.959975   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 32: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4275 (4275), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     33 10.960257   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 33: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4275 (4275), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     34 10.973105   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 34: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4275 (4275), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     35 10.973413   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 35: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4275 (4275), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     36 10.974489   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 36: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4275 (4275), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     37 10.974760   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user3@mydomain.tld>

Frame 37: 87 bytes on wire (696 bits), 87 bytes captured (696 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4275 (4275), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 33
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     38 10.975688   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 38: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4275 (4275), Seq: 45, Ack: 72, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     39 10.975951   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <wile.e.coyote@acme.inc>

Frame 39: 89 bytes on wire (712 bits), 89 bytes captured (712 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4275 (4275), Dst Port: smtp (25), Seq: 72, Ack: 53, Len: 35
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     40 10.976869   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 40: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4275 (4275), Seq: 53, Ack: 107, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     41 10.977132   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <"road.runner@a"@mydomain.tld>

Frame 41: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4275 (4275), Dst Port: smtp (25), Seq: 107, Ack: 61, Len: 38
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     42 10.977733   192.168.0.5           192.168.0.60          SMTP     S: 550 A valid address is required.

Frame 42: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4275 (4275), Seq: 61, Ack: 145, Len: 34
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     43 10.980066   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 43: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4275 (4275), Dst Port: smtp (25), Seq: 145, Ack: 95, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     46 10.980642   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 46: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4275 (4275), Seq: 95, Ack: 152, Len: 13
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     53 10.998247   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 53: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4277 (4277), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     54 10.998539   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 54: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4277 (4277), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     55 11.008420   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 55: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4277 (4277), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     56 11.008741   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 56: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4277 (4277), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     57 11.009833   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 57: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4277 (4277), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     58 11.010059   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user2@mydomain.tld>

Frame 58: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4277 (4277), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     59 11.011446   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 59: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4277 (4277), Seq: 45, Ack: 67, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     60 11.011723   192.168.0.60          192.168.0.5           SMTP     C: DATA

Frame 60: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4277 (4277), Dst Port: smtp (25), Seq: 67, Ack: 53, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     63 11.016981   192.168.0.5           192.168.0.60          SMTP     S: 354 OK, send.

Frame 63: 69 bytes on wire (552 bits), 69 bytes captured (552 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4277 (4277), Seq: 53, Ack: 73, Len: 15
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     68 11.024864   192.168.0.60          192.168.0.5           IMF      from: <user1@mydomain.tld>, subject: Test subject, 

Frame 68: 665 bytes on wire (5320 bits), 665 bytes captured (5320 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4277 (4277), Dst Port: smtp (25), Seq: 73, Ack: 68, Len: 611
Simple Mail Transfer Protocol
Internet Message Format

No.     Time        Source                Destination           Protocol Info
     73 11.071263   192.168.0.5           192.168.0.60          SMTP     S: 250 Queued (0.015 seconds)

Frame 73: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4277 (4277), Seq: 68, Ack: 684, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     74 11.073017   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 74: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4277 (4277), Dst Port: smtp (25), Seq: 684, Ack: 96, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     79 11.076916   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 79: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4277 (4277), Seq: 96, Ack: 691, Len: 13
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     85 11.088879   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 85: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4281 (4281), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     86 11.089169   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 86: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4281 (4281), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     87 11.099402   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 87: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4281 (4281), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     90 11.099784   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 90: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4281 (4281), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     91 11.101102   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 91: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4281 (4281), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     92 11.101338   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user3@mydomain.tld>

Frame 92: 87 bytes on wire (696 bits), 87 bytes captured (696 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4281 (4281), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 33
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     96 11.102312   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 96: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4281 (4281), Seq: 45, Ack: 72, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     97 11.102609   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <wile.e.coyote@acme.inc>

Frame 97: 89 bytes on wire (712 bits), 89 bytes captured (712 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4281 (4281), Dst Port: smtp (25), Seq: 72, Ack: 53, Len: 35
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
     99 11.103835   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 99: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4281 (4281), Seq: 53, Ack: 107, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    100 11.104071   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <"road.runner@a"@mydomain.tld>

Frame 100: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4281 (4281), Dst Port: smtp (25), Seq: 107, Ack: 61, Len: 38
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    101 11.104718   192.168.0.5           192.168.0.60          SMTP     S: 550 A valid address is required.

Frame 101: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4281 (4281), Seq: 61, Ack: 145, Len: 34
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    102 11.106429   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 102: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4281 (4281), Dst Port: smtp (25), Seq: 145, Ack: 95, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    104 11.107236   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 104: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4281 (4281), Seq: 95, Ack: 151, Len: 13
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    113 11.123057   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 113: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4283 (4283), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    114 11.123324   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 114: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4283 (4283), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    115 11.135066   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 115: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4283 (4283), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    116 11.135366   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 116: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4283 (4283), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    117 11.136472   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 117: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4283 (4283), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    118 11.136775   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user2@mydomain.tld>

Frame 118: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4283 (4283), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    119 11.137724   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 119: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4283 (4283), Seq: 45, Ack: 67, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    120 11.137974   192.168.0.60          192.168.0.5           SMTP     C: DATA

Frame 120: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4283 (4283), Dst Port: smtp (25), Seq: 67, Ack: 53, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    121 11.143201   192.168.0.5           192.168.0.60          SMTP     S: 354 OK, send.

Frame 121: 69 bytes on wire (552 bits), 69 bytes captured (552 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4283 (4283), Seq: 53, Ack: 73, Len: 15
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    122 11.149712   192.168.0.60          192.168.0.5           IMF      from: <user1@mydomain.tld>, subject: Test subject, 

Frame 122: 665 bytes on wire (5320 bits), 665 bytes captured (5320 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4283 (4283), Dst Port: smtp (25), Seq: 73, Ack: 68, Len: 611
Simple Mail Transfer Protocol
Internet Message Format

No.     Time        Source                Destination           Protocol Info
    168 11.194553   192.168.0.5           192.168.0.60          SMTP     S: 250 Queued (0.000 seconds)

Frame 168: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4283 (4283), Seq: 68, Ack: 684, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    173 11.198187   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 173: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4283 (4283), Dst Port: smtp (25), Seq: 684, Ack: 96, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    178 11.200198   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 178: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4283 (4283), Seq: 96, Ack: 691, Len: 13
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    208 11.216050   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 208: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4285 (4285), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    210 11.216352   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 210: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4285 (4285), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    229 11.226251   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 229: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4285 (4285), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    230 11.226691   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 230: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4285 (4285), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    234 11.228101   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 234: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4285 (4285), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    235 11.228287   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user3@mydomain.tld>

Frame 235: 87 bytes on wire (696 bits), 87 bytes captured (696 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4285 (4285), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 33
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    238 11.229285   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 238: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4285 (4285), Seq: 45, Ack: 72, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    239 11.229469   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <wile.e.coyote@acme.inc>

Frame 239: 89 bytes on wire (712 bits), 89 bytes captured (712 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4285 (4285), Dst Port: smtp (25), Seq: 72, Ack: 53, Len: 35
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    242 11.230468   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 242: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4285 (4285), Seq: 53, Ack: 107, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    243 11.230659   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <"road.runner@a"@mydomain.tld>

Frame 243: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4285 (4285), Dst Port: smtp (25), Seq: 107, Ack: 61, Len: 38
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    246 11.231532   192.168.0.5           192.168.0.60          SMTP     S: 550 A valid address is required.

Frame 246: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4285 (4285), Seq: 61, Ack: 145, Len: 34
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    250 11.233933   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 250: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4285 (4285), Dst Port: smtp (25), Seq: 145, Ack: 95, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    255 11.235044   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 255: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4285 (4285), Seq: 95, Ack: 152, Len: 13
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    292 11.254444   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 292: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4287 (4287), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    293 11.254781   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 293: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4287 (4287), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    312 11.264879   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 312: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4287 (4287), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    314 11.265152   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 314: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4287 (4287), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    317 11.266442   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 317: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4287 (4287), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    319 11.266691   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user2@mydomain.tld>

Frame 319: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4287 (4287), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    321 11.267742   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 321: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4287 (4287), Seq: 45, Ack: 67, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    323 11.268014   192.168.0.60          192.168.0.5           SMTP     C: DATA

Frame 323: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4287 (4287), Dst Port: smtp (25), Seq: 67, Ack: 53, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    333 11.283377   192.168.0.5           192.168.0.60          SMTP     S: 354 OK, send.

Frame 333: 69 bytes on wire (552 bits), 69 bytes captured (552 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4287 (4287), Seq: 53, Ack: 73, Len: 15
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    352 11.298326   192.168.0.60          192.168.0.5           IMF      from: <user1@mydomain.tld>, subject: Test subject, 

Frame 352: 665 bytes on wire (5320 bits), 665 bytes captured (5320 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4287 (4287), Dst Port: smtp (25), Seq: 73, Ack: 68, Len: 611
Simple Mail Transfer Protocol
Internet Message Format

No.     Time        Source                Destination           Protocol Info
    400 11.365119   192.168.0.5           192.168.0.60          SMTP     S: 250 Queued (0.032 seconds)

Frame 400: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4287 (4287), Seq: 68, Ack: 684, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    404 11.370984   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 404: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4287 (4287), Dst Port: smtp (25), Seq: 684, Ack: 96, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    407 11.371592   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 407: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4287 (4287), Seq: 96, Ack: 691, Len: 13
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    414 11.384505   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 414: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4295 (4295), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    415 11.384865   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 415: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4295 (4295), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    416 11.394900   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 416: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4295 (4295), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    417 11.395181   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 417: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4295 (4295), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    418 11.396221   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 418: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4295 (4295), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    419 11.396808   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user3@mydomain.tld>

Frame 419: 87 bytes on wire (696 bits), 87 bytes captured (696 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4295 (4295), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 33
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    420 11.397719   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 420: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4295 (4295), Seq: 45, Ack: 72, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    421 11.398045   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <wile.e.coyote@acme.inc>

Frame 421: 89 bytes on wire (712 bits), 89 bytes captured (712 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4295 (4295), Dst Port: smtp (25), Seq: 72, Ack: 53, Len: 35
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    422 11.398982   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 422: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4295 (4295), Seq: 53, Ack: 107, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    423 11.399383   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <"road.runner@a"@mydomain.tld>

Frame 423: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4295 (4295), Dst Port: smtp (25), Seq: 107, Ack: 61, Len: 38
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    424 11.399945   192.168.0.5           192.168.0.60          SMTP     S: 550 A valid address is required.

Frame 424: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4295 (4295), Seq: 61, Ack: 145, Len: 34
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    425 11.403618   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 425: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4295 (4295), Dst Port: smtp (25), Seq: 145, Ack: 95, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    426 11.404138   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 426: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4295 (4295), Seq: 95, Ack: 151, Len: 13
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    438 11.420394   192.168.0.5           192.168.0.60          SMTP     S: 220 mx.mydomain.tld ESMTP

Frame 438: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4297 (4297), Seq: 1, Ack: 1, Len: 24
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    439 11.420700   192.168.0.60          192.168.0.5           SMTP     C: HELO sr

Frame 439: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4297 (4297), Dst Port: smtp (25), Seq: 1, Ack: 25, Len: 9
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    440 11.430684   192.168.0.5           192.168.0.60          SMTP     S: 250 Hello.

Frame 440: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4297 (4297), Seq: 25, Ack: 10, Len: 12
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    441 11.430983   192.168.0.60          192.168.0.5           SMTP     C: MAIL FROM: <user1@mydomain.tld>

Frame 441: 83 bytes on wire (664 bits), 83 bytes captured (664 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4297 (4297), Dst Port: smtp (25), Seq: 10, Ack: 37, Len: 29
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    442 11.432059   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 442: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4297 (4297), Seq: 37, Ack: 39, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    443 11.432327   192.168.0.60          192.168.0.5           SMTP     C: RCPT TO: <user2@mydomain.tld>

Frame 443: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4297 (4297), Dst Port: smtp (25), Seq: 39, Ack: 45, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    444 11.433264   192.168.0.5           192.168.0.60          SMTP     S: 250 OK

Frame 444: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4297 (4297), Seq: 45, Ack: 67, Len: 8
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    445 11.433528   192.168.0.60          192.168.0.5           SMTP     C: DATA

Frame 445: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4297 (4297), Dst Port: smtp (25), Seq: 67, Ack: 53, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    446 11.438484   192.168.0.5           192.168.0.60          SMTP     S: 354 OK, send.

Frame 446: 69 bytes on wire (552 bits), 69 bytes captured (552 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4297 (4297), Seq: 53, Ack: 73, Len: 15
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    447 11.445013   192.168.0.60          192.168.0.5           IMF      from: <user1@mydomain.tld>, subject: Test subject, 

Frame 447: 665 bytes on wire (5320 bits), 665 bytes captured (5320 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4297 (4297), Dst Port: smtp (25), Seq: 73, Ack: 68, Len: 611
Simple Mail Transfer Protocol
Internet Message Format

No.     Time        Source                Destination           Protocol Info
    449 11.489196   192.168.0.5           192.168.0.60          SMTP     S: 250 Queued (0.015 seconds)

Frame 449: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4297 (4297), Seq: 68, Ack: 684, Len: 28
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    450 11.490647   192.168.0.60          192.168.0.5           SMTP     C: QUIT

Frame 450: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa), Dst: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6)
Internet Protocol, Src: 192.168.0.60 (192.168.0.60), Dst: 192.168.0.5 (192.168.0.5)
Transmission Control Protocol, Src Port: 4297 (4297), Dst Port: smtp (25), Seq: 684, Ack: 96, Len: 6
Simple Mail Transfer Protocol

No.     Time        Source                Destination           Protocol Info
    452 11.491152   192.168.0.5           192.168.0.60          SMTP     S: 221 goodbye

Frame 452: 67 bytes on wire (536 bits), 67 bytes captured (536 bits)
Ethernet II, Src: Intel_6c:2c:c6 (00:0e:0c:6c:2c:c6), Dst: CompalIn_f1:cb:fa (1c:75:08:f1:cb:fa)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.60 (192.168.0.60)
Transmission Control Protocol, Src Port: smtp (25), Dst Port: 4297 (4297), Seq: 96, Ack: 690, Len: 13
Simple Mail Transfer Protocol
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

mfields
New user
Posts: 6
Joined: 2016-05-06 14:56

Re: Email sent to random person as BCC when invalid TO field specified

Post by mfields » 2019-06-20 11:06

SorenR wrote:
2019-06-19 20:37
Why is "Dim NewMail" down the middle of the code?
That was an error - I have re-run the test without that line of code and still the same results.
SorenR wrote:
2019-06-20 03:20
Wireshark trace performed from the client computer. I believe CDO does have a problem!
I'm not too sure what to be looking out for, but that looks fine to me.


I ran a Wireshark trace while performing the test after removing the redundant "Dim NewMail" line.
While I'm not 100% sure on how to analyse the data and come to any conclusions, here is a PDF output of a TCP conversation which includes some mangled data, "RCPT TO: <X"\273%\033\002>": https://www.dropbox.com/s/8zwps1ngl2ra1 ... e.pdf?dl=0

jimimaseye
Moderator
Posts: 8006
Joined: 2011-09-08 17:48

Re: Email sent to random person as BCC when invalid TO field specified

Post by jimimaseye » 2019-06-20 12:27

No. Time Source Destination Protocol Length Info
4447 08:42:08.075544 127.0.0.1 127.0.0.1 SMTP 73 C: RCPT TO: <X"\273%\033\002>
Yep. Pretty conclusive. The error is coming from the client (CDO in this case).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

tunis
Normal user
Posts: 215
Joined: 2015-01-05 20:22
Location: Sweden

Re: Email sent to random person as BCC when invalid TO field specified

Post by tunis » 2019-06-20 14:00

I have tested with this script.

Code: Select all

Set objMsg      = CreateObject("CDO.Message")
objMsg.Subject  = "CDO TEST MESSAGE" & vbTab & Now()
objMsg.Sender   = "test@test.local" 
objMsg.To       = "test1@test.local; test2@test.local: test3@test.local; test4@test.local;"
objMsg.From     = "admin@tech.samobler.se"       
objMsg.TextBody = "CDO TEST MESSAGE" & vbTab & Now()

objMsg.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objMsg.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "192.168.1.111" 
objMsg.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMsg.Configuration.Fields.Update

objMsg.Send

Wscript.Echo "DONE"
Wscript.Quit

And this gives an error that the SMTP server sent: 550 A valid address is required.

And the hMail log shows this

Code: Select all

"SMTPD"	564	116592	"2019-06-20 13:56:02.796"	"10.10.0.5"	"SENT: 220 mail.test.local ESMTP"
"SMTPD"	1856	116592	"2019-06-20 13:56:02.796"	"10.10.0.5"	"RECEIVED: HELO SAPC19801"
"SMTPD"	1856	116592	"2019-06-20 13:56:02.796"	"10.10.0.5"	"SENT: 250 Hello."
"SMTPD"	296	116592	"2019-06-20 13:56:02.796"	"10.10.0.5"	"RECEIVED: MAIL FROM: <test@test.local>"
"SMTPD"	296	116592	"2019-06-20 13:56:02.811"	"10.10.0.5"	"SENT: 250 OK"
"SMTPD"	564	116592	"2019-06-20 13:56:02.811"	"10.10.0.5"	"RECEIVED: RCPT TO: <test1@test.local>"
"SMTPD"	564	116592	"2019-06-20 13:56:02.811"	"10.10.0.5"	"SENT: 250 OK"
"SMTPD"	296	116592	"2019-06-20 13:56:02.811"	"10.10.0.5"	"RECEIVED: RCPT TO: <test4@test.local>"
"SMTPD"	296	116592	"2019-06-20 13:56:02.827"	"10.10.0.5"	"SENT: 250 OK"
"SMTPD"	1856	116592	"2019-06-20 13:56:02.827"	"10.10.0.5"	"RECEIVED: RCPT TO: <>"
"SMTPD"	1856	116592	"2019-06-20 13:56:02.827"	"10.10.0.5"	"SENT: 550 A valid address is required."
"SMTPD"	296	116592	"2019-06-20 13:56:02.842"	"10.10.0.5"	"RECEIVED: QUIT"
"SMTPD"	296	116592	"2019-06-20 13:56:02.842"	"10.10.0.5"	"SENT: 221 goodbye"

No messages are sent, and there is no wrong TO address.
HMS 5.6.8 B2437.17 on Windows Server 2019 Core VM.
HMS 5.6.8 B2437.17 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.
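
Added example, not part of the original posts or of hMailServer: a Python audit that groups SMTPD log rows by session id and compares the envelope recipients the server accepted with the intended To list. The sample rows are constructed in the column layout of the log above; the address check and the contents of session 116593 are assumptions made for illustration.

```python
import re

# Conservative mailbox check for auditing; deliberately narrower than RFC 5321.
ADDR_OK = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
RCPT = re.compile(r"^RCPT TO:\s*<(.*)>\s*$", re.IGNORECASE)


def _row(session, message):
    """Build one constructed log row: type, thread, session, time, IP, message."""
    cols = ['"SMTPD"', "296", str(session), '"2019-06-20 13:56:02.796"',
            '"10.10.0.5"', '"%s"' % message]
    return "\t".join(cols)


# Constructed sample. Session 116592 mirrors the colon test above; session
# 116593 is a made-up case where an address outside the To list is accepted.
SAMPLE_LOG = "\n".join([
    _row(116592, "RECEIVED: MAIL FROM: <test@test.local>"),
    _row(116592, "SENT: 250 OK"),
    _row(116592, "RECEIVED: RCPT TO: <test1@test.local>"),
    _row(116592, "SENT: 250 OK"),
    _row(116592, "RECEIVED: RCPT TO: <test4@test.local>"),
    _row(116592, "SENT: 250 OK"),
    _row(116592, "RECEIVED: RCPT TO: <>"),
    _row(116592, "SENT: 550 A valid address is required."),
    _row(116593, "RECEIVED: RCPT TO: <test1@test.local>"),
    _row(116593, "SENT: 250 OK"),
    _row(116593, "RECEIVED: RCPT TO: <stranger@example.net>"),
    _row(116593, "SENT: 250 OK"),
    _row(116593, r'RECEIVED: RCPT TO: <X"\273%\033\002>'),
    _row(116593, "SENT: 550 A valid address is required."),
])


def parse_row(line):
    """Return (session_id, message) or None. Split on tabs by hand because the
    message column can itself contain double quotes."""
    cols = line.rstrip("\r\n").split("\t", 5)
    if len(cols) != 6 or cols[0].strip('"') != "SMTPD":
        return None
    msg = cols[5]
    if len(msg) >= 2 and msg[0] == '"' and msg[-1] == '"':
        msg = msg[1:-1]
    return cols[2], msg


def audit(log_text, intended):
    """Compare envelope recipients per session with the intended To list."""
    want = {a.lower() for a in intended}
    sessions, pending = {}, {}
    for line in log_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        sid, msg = row
        s = sessions.setdefault(
            sid, {"accepted": [], "rejected": [], "malformed": []})
        if msg.startswith("RECEIVED: "):
            m = RCPT.match(msg[len("RECEIVED: "):])
            pending[sid] = m.group(1) if m else None
            if m and not ADDR_OK.match(m.group(1)):
                s["malformed"].append(m.group(1))
        elif msg.startswith("SENT: ") and pending.get(sid) is not None:
            # The first reply after RCPT TO decides whether it was accepted.
            key = "accepted" if msg[6:9] == "250" else "rejected"
            s[key].append(pending.pop(sid).lower())
    for s in sessions.values():
        s["unexpected"] = [a for a in s["accepted"] if a not in want]
        s["missing"] = sorted(want - set(s["accepted"]))
    return sessions
```

A non-empty `unexpected` list is the case this thread is about: the server accepted an envelope recipient that the application never put in the To field.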

SorenR
Senior user
Posts: 3153
Joined: 2006-08-21 15:38
Location: Denmark

Re: Email sent to random person as BCC when invalid TO field specified

Post by SorenR » 2019-06-20 14:05

mfields wrote:
2019-06-20 11:06
SorenR wrote:
2019-06-19 20:37
Why is "Dim NewMail" down the middle of the code?
That was an error - I have re-run the test without that line of code and still the same results.
SorenR wrote:
2019-06-20 03:20
Wireshark trace performed from the client computer. I believe CDO does have a problem!
I'm not too sure what to be looking out for, but that looks fine to me.


I ran a Wireshark trace while performing the test after removing the redundant "Dim NewMail" line.
While I'm not 100% sure on how to analyse the data and come to any conclusions, here is a PDF output of a TCP conversation which includes some mangled data, "RCPT TO: <X"\273%\033\002>": https://www.dropbox.com/s/8zwps1ngl2ra1 ... e.pdf?dl=0
Try this code...

Code: Select all

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%

Private Sub testEmail( emailto )
    Dim oMatch, oMatches
    With CreateObject("VBScript.RegExp")
        .Pattern = "(([a-zA-Z0-9_\-\.]+)\@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5}))"
        .Global = True
        .MultiLine = True
        .IgnoreCase = True
        Set oMatches = .Execute(emailto)
    End With
    emailto = ""
    For Each oMatch In oMatches
        emailto = oMatch & ";" & emailto
    Next
    With CreateObject("CDO.Message")
        .Configuration.Fields.Item(             "http://schemas.microsoft.com/cdo/configuration/sendusing" ) = 2
        .Configuration.Fields.Item(            "http://schemas.microsoft.com/cdo/configuration/smtpserver" ) = "localhost"
        .Configuration.Fields.Item(        "http://schemas.microsoft.com/cdo/configuration/smtpserverport" ) = 25
        .Configuration.Fields.Item(      "http://schemas.microsoft.com/cdo/configuration/smtpauthenticate" ) = 0
        .Configuration.Fields.Item(               "http://schemas.microsoft.com/cdo/configuration/sendtls" ) = False
        .Configuration.Fields.Item(            "http://schemas.microsoft.com/cdo/configuration/smtpusessl" ) = False
        .Configuration.Fields.Item( "http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout" ) = 10
        .Configuration.Fields.Item(          "http://schemas.microsoft.com/cdo/configuration/sendusername" ) = "user@domain.tld"
        .Configuration.Fields.Item(          "http://schemas.microsoft.com/cdo/configuration/sendpassword" ) = "password"
        .Configuration.Fields.Update
        .Subject = "Test subject"
        .From = "user@domin.tld"
        .To = emailto
        .TextBody = "Test body"
        .Send
    End With
    ' WScript is not available inside an ASP page; write to the response instead.
    Response.Write( "eMail(s) sent to " & emailto & " at " & Now() )
End Sub

Call testEmail(Request.QueryString( "emailto") )

%>

This part

Code: Select all

    Dim oMatch, oMatches
    With CreateObject("VBScript.RegExp")
        .Pattern = "(([a-zA-Z0-9_\-\.]+)\@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5}))"
        .Global = True
        .MultiLine = True
        .IgnoreCase = True
        Set oMatches = .Execute(emailto)
    End With
    emailto = ""
    For Each oMatch In oMatches
        emailto = oMatch & ";" & emailto
    Next

The RegEx extracts the email addresses from "emailto" without the separator and puts them together afterwards with the proper separator.

One major flaw with CDO is the inability to configure a FQDN for the HELO greeting; CDO is using the station's NetBIOS name. RFC says HELO/EHLO greeting *must* contain FQDN or Domain Literal (IP address in square brackets).
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.
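
Added example, not part of the original post: the extract-and-rejoin pattern above ported to Python, next to a fail-closed splitter that refuses the whole list when any token is not exactly one address. The function names, the `RecipientError` class and the wider `{2,63}` TLD bound in the strict pattern are assumptions for illustration; `SAMPLE_TO` is the To string from the colon test script earlier in the thread.

```python
import re

# Same shape as the VBScript pattern in the post above, ported to Python.
SALVAGE = re.compile(r"[a-zA-Z0-9_\-.]+@[a-zA-Z0-9_\-.]+\.[a-zA-Z]{2,5}")
# One whole address and nothing else; TLD bound widened to 63 (assumption).
WHOLE = re.compile(r"^[a-zA-Z0-9_\-.]+@[a-zA-Z0-9_\-.]+\.[a-zA-Z]{2,63}$")

# To string from the colon test script earlier in the thread.
SAMPLE_TO = ("test1@test.local; test2@test.local: test3@test.local; "
             "test4@test.local;")


class RecipientError(ValueError):
    """Raised when a recipient list contains a token that is not one address."""


def salvage_recipients(raw):
    """Pull out everything that looks like an address, ignoring separators.

    Because the match is unanchored, it can also return a shortened form of
    a longer address (see the .technology case in the usage note)."""
    return SALVAGE.findall(raw)


def strict_recipients(raw):
    """Split on ';' or ',' only and refuse the list if any token is not
    exactly one address, so a typo stops the send instead of changing it."""
    out = []
    for token in re.split(r"[;,]", raw):
        token = token.strip()
        if not token:
            continue  # tolerate a trailing or doubled separator
        if not WHOLE.match(token):
            raise RecipientError("not a single address: %r" % token)
        out.append(token)
    if not out:
        raise RecipientError("empty recipient list")
    return ";".join(out)
```

On `SAMPLE_TO` the salvage function returns all four addresses while the strict one raises on the token containing the colon. On `user@example.technology` the salvage pattern returns `user@example.techn`, a different domain, because of its `{2,5}` bound.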
