3CX DLL-Sideloading attack: What you need to know
This is the "scenario".
I have a VMware network on which a number of servers (domain controllers, administrative management servers etc.) are virtualized.
Connected to this network are physical devices such as clients, printers etc.
The entire infrastructure is connected to a managed HUB.
Between the HUB and Internet is a Sophos XG Firewall (116w) and a DSL Modem provided by the provider.
So far all is okay and the clients navigate correctly and also send and receive e-mail.
A management application is installed on an administrative virtual server that uses a small program (blat.exe) to send emails with attachments.
The management application compiles a string and runs it, e.g.
blat mail_body_message.txt -to email@example.com -subject "Email Object" -attach attachment.pdf -f sender@sender_email.com -server server_smtp -u username -pw password
At this point the command is not executed correctly and in the log I find
2023.01.18 08:43:09 (Wed)------------Start of Session-----------------
Blat v3.0.0 w/GSS encryption (build : Feb 17 2012 17:46:41)
<<<getline<<< 220 SMTP ESMTP ready
>>>putline>>> EHLO cg-server.domain.it
<<<getline<<< 250-SMTP Hello cg-server.domain.lcl [192.168.1.110]
<<<getline<<< 250-SIZE
<<<getline<<< 250-8BITMIME
<<<getline<<< 250-PIPELINING
<<<getline<<< 250-PIPE_CONNECT
<<<getline<<< 250-CHUNKING
<<<getline<<< 250-STARTTLS
<<<getline<<< 250 HELP
Sending mail_body_message.txt to firstname.lastname@example.org
Subject: “Email Object”
Login name is sender@sender_email.com
>>>putline>>> MAIL FROM:<sender@sender_email.com>
<<<getline<<< 250 OK
>>>putline>>> RCPT TO:<email@example.com>
<<<getline<<< 550 Relay not permitted
The SMTP server does not like the name firstname.lastname@example.org.
Have you set the 'To:' field correctly, or do you need authorization (-u/-pw) ?
The SMTP server response was -> 550 Relay not permitted
>>>putline>>> QUIT
Error: Connection to server was dropped.
2023.01.18 08:43:11 (Wed)-------------End of Session------------------
To check if it is a firewall problem, I disconnected the Sophos XG and connected the network directly to the DSL modem.
Everything is working correctly.
Can I be helped to solve the problem?
Thank You and Best Regards.
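A small diagnostic for the session log above, added here as an example (it is not from the original post and not part of Blat): it parses Blat's `<<<getline<<<` / `>>>putline>>>` lines, collects the capabilities the server advertised in its EHLO reply, and checks whether STARTTLS or AUTH was used before MAIL FROM. The embedded sample is the log from the post, re-split one entry per line.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the SMTP dialogue from the Blat log in the post, one entry per line.
SAMPLE_LOG = """\
<<<getline<<< 220 SMTP ESMTP ready
>>>putline>>> EHLO cg-server.domain.it
<<<getline<<< 250-SMTP Hello cg-server.domain.lcl [192.168.1.110]
<<<getline<<< 250-SIZE
<<<getline<<< 250-8BITMIME
<<<getline<<< 250-PIPELINING
<<<getline<<< 250-PIPE_CONNECT
<<<getline<<< 250-CHUNKING
<<<getline<<< 250-STARTTLS
<<<getline<<< 250 HELP
>>>putline>>> MAIL FROM:<sender@sender_email.com>
<<<getline<<< 250 OK
>>>putline>>> RCPT TO:<email@example.com>
<<<getline<<< 550 Relay not permitted
>>>putline>>> QUIT
"""

LINE_RE = re.compile(r"^(<<<getline<<<|>>>putline>>>)\s*(.*)$")


def parse_session(log: str) -> List[Tuple[str, str]]:
    """Return the dialogue as (direction, text); 'S' = server reply, 'C' = client command."""
    out = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append(("S" if m.group(1).startswith("<<<") else "C", m.group(2)))
    return out


def diagnose(log: str) -> Dict[str, object]:
    """Summarise EHLO capabilities and whether TLS/AUTH happened before the first rejection."""
    caps, in_ehlo, skip_greeting = set(), False, False
    mail_seen = starttls_sent = auth_before_mail = False
    reject = None
    for direction, text in parse_session(log):
        if direction == "C":
            verb = text.split(" ", 1)[0].split(":")[0].upper()
            in_ehlo, skip_greeting = (verb == "EHLO"), True
            starttls_sent |= verb == "STARTTLS"
            auth_before_mail |= verb == "AUTH" and not mail_seen
            mail_seen |= verb == "MAIL"
        elif in_ehlo and text.startswith("250"):
            if skip_greeting:          # first 250- line is the greeting, not a capability
                skip_greeting = False
            else:
                caps.add(text[4:].split(" ")[0].upper())
            in_ehlo = text[3] == " "   # "250 " (space) closes the multi-line reply
            in_ehlo = not in_ehlo
        elif text[:1] in "45" and reject is None:
            reject = text              # first permanent/temporary failure from the server
    return {"capabilities": sorted(caps),
            "auth_advertised": any(c.startswith("AUTH") for c in caps),
            "starttls_offered": "STARTTLS" in caps,
            "starttls_sent": starttls_sent,
            "auth_before_mail": auth_before_mail,
            "first_rejection": reject}
```

On the log above it reports STARTTLS offered, no AUTH capability advertised, and no AUTH sent before MAIL FROM; running it on a session captured without the firewall in the path shows which of those differ between the two network paths.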