
Thread: Newsletter script?

  1. #1
    Member skor78's Avatar
    Join Date
    Jul 2009
    Posts
    140

    Default Newsletter script?

    Hi all,

    First of all, I know this isn't either BT or pentest related, but maybe you guys can point me in the right direction.. Also, although my intention is not inclined that way (I'm doing this to help me in my job), this can also be a little bit inclined to blackhat and SE related tools..

    So here it is,
    I'm looking for a Linux script to send mass newsletters from my company clients db (around 80.000 mails), preferably without filling my own mail server with bounced back and out-of-office replies..

    Under Windows, I found a trial ver. of Effective Newsletter Studio, and with this app what happened was, I only needed to write whatever email I wished to be sender, without any mail server configurations, or filtering at all.. After this I selected my mailing list and sent. I've tested the program, and it worked!! Even as a joke, I've written the recipient was 'support@microsoft.com' and sent the newsletter to my own email, and it was there, from 'support@microsoft.com'!! Unfortunately the trial ver. is limited to sending 100 emails, and the full version costs 650€..

    I saw in here a possible way to send all mails with a nonexistent email account (e.g. 'no-reply@something.com'), which would automatically ditch any bounced back mails.. to where, I do not know..
    Anyway, I thought some of you might see this as an opportunity to use such a script in pentest security audits, as an SE tool.

    Finally, my question is, is there such a script already written? And if not, is anyone interested in helping me develop it?

    Cheers!

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: Newsletter script?

    One would imagine that the majority of us have received a bit of spam here and there, and probably don't want to help you out here. It isn't terribly hard to write a quick mass mailing script - I would expect anyone with about 20 hours of database scripting work behind them to be able to do so - but the purpose is probably not going to make you any friends and, like you said, it's not really related to pentesting. That said, I've never actually tried it, but I would probably be taken aside for a stern ass-kicking if I tried this during a pentest. A few users sure, but over 100 would be a bit rough.

    There are a lot more programs out there than just ENS - try searching for them. They're called stupid things like "Client Newsletter Mailer" and "bulk email distributor".
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Default Re: Newsletter script?

    I'm not too sure if I should be letting you know this but it's free knowledge.

    You could try a program called hMailServer. I am not 100% sure if it will do exactly what you want but it might be able to assist you.

    I give you this as advice and not to do anything destructive or illegal.

  4. #4
    Member skor78's Avatar
    Join Date
    Jul 2009
    Posts
    140

    Default Re: Newsletter script?

    Hi,

    Thanks for the replies. As I've said before, I'm on this only for work purposes, without any illicit intentions behind, and I didn't recommend it to pentest as a spam tool, it was merely for clients to see how easy it would be to fake they're email addresses in a SE situation..

    VulcanX, I'll have a look at the software you recommended, thanks!

    Edit:

    I don't think hMailServer can be applied to my needs, do I need to configure a genuine domain mail server to use it? As I've said before, the intention is to discard bounced back emails, to avoid clogging my mail server..
    Last edited by skor78; 11-25-2010 at 10:25 AM.

  5. #5
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Default Re: Newsletter script?

    Well in that case I am not too sure what you could try but I think mimesweeper may be able to assist with this. But that you have to pay for.

    I did a quick google and came up with the following you could look into:

    Sendblaster
    Dadamail
    Bluehost
    SmartserialMail

    I haven't used any of the software listed here so can't comment from personal experience, but worth a try I guess.

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: Newsletter script?

    Showing a client "how easy it would be to fake they're (sic) email addresses" is a LOT different to emailing 80,000 addresses.

    If all you want to do is show them how easy it is, BackTrack comes with a script already for sending email, so use that instead of looking for a point and click solution. But you keep worrying about bounce back, which means you're not actually trying that.
    Last edited by Gitsnik; 11-25-2010 at 12:16 PM.

  7. #7
    Member skor78's Avatar
    Join Date
    Jul 2009
    Posts
    140

    Default Re: Newsletter script?

    VulcanX, thanks again for the info provided, sometimes it's harder for me to search, because I'm native Portuguese, and although I manage the English language pretty well, I easily fail when I'm searching in technical terms.. I'll look into the software your search provided. Thanks a lot!

    Originally posted by Gitsnik:
    Showing a client "how easy it would be to fake they're (sic) email addresses" is a LOT different to emailing 80,000 addresses.

    Gitsnik, obviously we're miscommunicating.. Read my first post again. I'm looking for a determinate solution for me. And when I found that software, I brainstormed on how easy it would be to fake the email sender and use mass emails to SE a target. For example, announce a company shutdown, and recommend a competitor, or whatever one might think to do in such an attack..

    You're within your rights to reject such ideas, obviously, just try to understand that I'm not trying to simulate such an attack (I'm not even a pentester, just an enthusiast), my reasons are completely separate from the possibilities I presented. And I've stated my needs before, separately and in a clear way.

    Cheers!

  8. #8
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Newsletter script?

    Originally posted by VulcanX:
    Well in that case I am not too sure what you could try but I think mimesweeper may be able to assist with this. But that you have to pay for.

    MimeSweeper is (was) email security software, which is now pretty close to end of life with its feature set now being provided in a new product called the Clearswift Secure Email Gateway. It's a good product, which I actually happen to have pretty extensive experience with, but it doesn't help you do mass mailings, in fact a number of its features are designed to prevent spammy emails from being received.

    OP, sending mass emails is trivial, as is spoofing the sender address of emails you send - having them accepted by servers that do good spam checking is less easy. When you want to do it on the scale that you are talking about however, you are getting way away from what is normal for a pentest, and getting into the email mass-marketing/spamming space. There are a number of spam prevention features that will kill simple email bots with this volume of traffic, so if you actually want your emails to be received determine your feature requirements and look for a commercial product.

    As to whether you need to have a legitimate domain to send from... yes you probably do, or you will start to run into problems with spam prevention features such as SPF. You might want to read this to see some of the things you will have to contend with if sending mass emails.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
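
The SPF check mentioned in the post above is one of the receiver-side controls that decides whether a message with a forged sender domain is accepted. As an added example (not code from any poster in this thread), here is a minimal offline evaluator for the `ip4`, `ip6` and `all` mechanisms of an SPF record, in the spirit of RFC 7208. The records and addresses are constructed from documentation ranges, and `needs-dns` is a label invented for this example, not an RFC result.

```python
import ipaddress

# Qualifier prefix -> SPF result name
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Mechanisms that cannot be evaluated without DNS lookups
DNS_MECHANISMS = {"include", "a", "mx", "exists", "ptr"}

def check_spf(record, sender_ip):
    """Return the SPF result for sender_ip against one TXT record.

    Offline subset: only ip4, ip6 and all are evaluated. Anything that
    needs DNS returns 'needs-dns' (a label made up for this example).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    redirect_seen = False
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if "=" in term:                     # modifier, e.g. redirect= or exp=
            redirect_seen = redirect_seen or term.lower().startswith("redirect=")
            continue
        name, _, value = term.partition(":")
        name = name.split("/")[0].lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in DNS_MECHANISMS:
            return "needs-dns"
        if name not in ("ip4", "ip6"):
            return "permerror"              # unknown mechanism
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"              # malformed network in the record
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    # No mechanism matched: redirect would need DNS, otherwise neutral
    return "needs-dns" if redirect_seen else "neutral"

# Constructed sample record for a domain that only sends from two ranges
SAMPLE = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
```

With a `-all` policy like the sample, mail claiming that domain from any other address evaluates to `fail`, which is the result a receiving server uses to reject or junk a spoofed sender.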

  9. #9
    Junior Member
    Join Date
    Aug 2010
    Posts
    51

    Default Re: Newsletter script?

    SPF is one of the biggest issues we had as we are in the emailing biz really. We use Mimesweeper but wanted the new version (Linux based) *might be secure email gateway* and the Linux version didn't have the Intel networking drivers for our motherboard. So we had to cancel the order.


    I am very new into the emailing business but very intrigued to learn more.

    Edit:
    Seeing how SET has the option 5, Mass Mailer, can't you use that? I don't know how it would pull from the database or if you would have to export it into another file, but I'm sure it has the capabilities? You could also bounce those off an open relay SMTP server, but that is not recommended at all man.
    Last edited by VulcanX; 11-25-2010 at 06:00 PM.

  10. #10
    Member skor78's Avatar
    Join Date
    Jul 2009
    Posts
    140

    Default Re: Newsletter script?

    Hi all,

    Thanks a lot for all the feedback provided, it's by far exceeding my expectations!
    Unfortunately I've had an almost 7h presentation from the ver. update of one of our software producers, regarding fiscal update certification for the upcoming year (this is actually the reason for which I need to send the mass emails, warning the companies, with obvious commercial intentions to ourselves), which deprived me of the opportunity to do any research during the rest of the day, however, I see I already have a lot of research on for tonight and tomorrow.. Hopefully by tomorrow, I'll be much more clarified on this.

    Just wanted to ask a question in between, most of our email recipients have their own domain name, and mail server, do you think the mails would still be treated as junk? I say this because when I tested the mail sending to our own mailboxes, it wasn't..

    Once again thanks a lot for all your feedback!

    Cheers!
