[Exim] Re: exim + postfix vunerable? - was: Mail relay vulne…

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Wietse Venema
CC: Neil Clifford, postfix-users, exim-users
Subject: [Exim] Re: exim + postfix vunerable? - was: Mail relay vulnerability in RedHat 5.0,5.1, 5.2 (fwd)
On Sat, 17 Jul 1999, Wietse Venema wrote:

> Neil Clifford:
> > Hi - I noticed this on bugtraq just, so decided to check some postfix,
> > exim and sendmail relays. Only sendmail rejected it - they all normally
> > reject attempts to relay. Ouch!
> ...
> > RCPT TO: <"target@???>
>
> Postfix does not look inside the quotes, and therefore does not
> forward such mail to target@???.
>
>     <"target@???>: unknown user:
>    "target@???"


Exim also treats "target@???" as the text of a local part,
which presumably does not exist, so it also does not forward such mail.
It either refuses the RCPT command, or generates a bounce message,
depending on the configuration.

It would be possible to configure Exim to treat any unknown local part
containing an @ as a totally new address, but this is not a standard
configuration, and anybody who set up such a configuration would be
crazy.

> Please properly check your facts before shouting "fire!".


Indeed.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.