[Exim] exim + postfix vulnerable? - was: Mail relay vulnerabi…

Author: Neil Clifford
Date:  
To: postfix-users, exim-users
CC: wietse, ph10
Subject: [Exim] exim + postfix vulnerable? - was: Mail relay vulnerability in RedHat 5.0,5.1, 5.2 (fwd)
Hi - I noticed this on bugtraq just, so decided to check some postfix,
exim and sendmail relays. Only sendmail rejected it - they all normally
reject attempts to relay. Ouch!

regards,

N

----- Forwarded message from David Luyer <luyer@???> -----

Date:         Fri, 16 Jul 1999 18:12:54 +0800
Reply-To: David Luyer <luyer@???>
From: David Luyer <luyer@???>
Subject:      Mail relay vulnerability in RedHat 5.0, 5.1, 5.2
To: BUGTRAQ@???


We have recently found ourselves used as mail relays and put into the ORBS
mail relay blocking system due to a bug in early anti-relay rulesets as
used in both our local rules and RedHat 5.0, 5.1 and 5.2 (even though we
never touch RedHat on serious servers, somehow our home-brew rulesets ended
up bug-compatible).

It seems that some spammers out there have discovered the power of:

RCPT TO: <"target@???>

where relay.host.name is obtained by reverse DNS lookup.

Users of sendmail 8.9.x of course have no problem, neither do those who have
updated their mail relay prevention rulesets recently, but I think there are
enough RedHat 5.0, 5.1 and 5.2 users who are unaware of the problem to make it
worth sending this out.

I have put out a quick little script which fixes this. The script
can be found at:
ftp://typhaon.ucs.uwa.edu.au/pub/strobe-classb/RH5.0-5.2-patchscript

This problem is checked for by my latest relay scanner at:
ftp://typhaon.ucs.uwa.edu.au/pub/strobe-classb/strobe-classb-v1.8.tgz

(some additional information about open relays and some problems they present
can be found at http://typhaon.ucs.uwa.edu.au/presentations.html under
'E-mail Security', but hopefully everyone is well-informed of the issues by
now; that paper is quite dated even if it is under a year old)

David.

----- End forwarded message -----

--
Neil Clifford * Oxford Starlink Computer Manager * clifford@???
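
As an added example (not part of the original message, and not code from sendmail, Exim or Postfix): a relay check that takes the recipient domain from the first unquoted `@` and then refuses local parts that carry their own routing. The archived message elides the address, so the quoted-local-part inputs, the `.example` hostnames and all function names below are assumptions constructed for illustration.

```python
import re

ROUTING_CHARS = set("@%!")  # operators that can embed a second hop in a local part

def split_path(path):
    """Split an RCPT TO forward-path into (local_part, domain).

    An '@' inside a quoted string belongs to the local part, so the
    domain is whatever follows the first *unquoted* '@'.
    """
    addr = path.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    in_quotes, i = False, 0
    while i < len(addr):
        ch = addr[i]
        if ch == "\\" and in_quotes:
            i += 2              # quoted-pair: skip the escaped character
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            return addr[:i], addr[i + 1:].lower()
        i += 1
    raise ValueError("no unquoted '@' (or unterminated quote)")

def unquote(local):
    """Strip surrounding quotes and backslash escapes from a local part."""
    if len(local) >= 2 and local[0] == '"' and local[-1] == '"':
        return re.sub(r"\\(.)", r"\1", local[1:-1])
    return local

def relay_decision(path, local_domains, client_trusted=False):
    try:
        local, domain = split_path(path)
    except ValueError:
        return "reject: malformed path"
    if client_trusted:
        return "accept"
    if domain not in local_domains:
        return "reject: relaying denied"
    # Policy choice (assumption): an untrusted client may not hand us a
    # local part that names another destination once the quotes come off.
    if ROUTING_CHARS & set(unquote(local)):
        return "reject: sender-specified routing"
    return "accept"

LOCAL = {"relay.example"}  # constructed local domain
```

The second check is the one that matters here: a ruleset that stops after confirming the domain is local accepts the quoted form and re-resolves its contents on delivery.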