Re: [Exim] Exim 4.02 TLS support

Author: Marc MERLIN
Date:  
To: Suresh Ramasubramanian, Tamas TEVESZ
CC: exim-users
Subject: Re: [Exim] Exim 4.02 TLS support
On Wed, Apr 03, 2002 at 03:06:07PM +0800, Suresh Ramasubramanian wrote:
> Before you puke... it also acts as a POP proxy. And the smtp proxy
> thing has been known to be an open relay.


They have no pity, do they?

On Wed, Apr 03, 2002 at 11:34:04AM +0200, Tamas TEVESZ wrote:
> On Tue, 2 Apr 2002, Marc MERLIN wrote:
>
> > Oh my god, the thing actually hijacks outgoing SMTP to 25, poses as an
> > SMTP server and relays to the server you were trying to connect to?
>
> which wouldn't even be a problem if it did properly (eg, say, removing
> "starttls" from the server response, or whatnot. or, even nicer,
> really telling you it's a proxy, and it's nav you're talking to, not
> exim).


Correction: it wouldn't be _near_ as bad.
My MUAs are configured to require encryption to send, NAV will definitely
break that.

> this kind of behaviour makes it identically "useful" to pix... (btw,


Please don't get me started on PIX (which at least has to be configured to
do most of the stupid things it does, except for breaking TCP ECN).
I also found another "cute" one: checkpoint's SMTP proxy will (or can be
configured to, I don't know) accept null mail froms, and then say that
any RCPT TO is unavailable.
If you change the mail from to something else, then the RCPT magically
works.
This breaks SMTP callbacks and bounces beautifully obviously...

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
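
Added example, not part of the original message: a client-side sketch of the two checks the thread touches on, failing closed when an intermediary's EHLO reply no longer offers STARTTLS, and flagging a callback where RCPT is refused only for the null sender. The function names, host names and sample replies are constructed for illustration.

```python
import re

# Constructed sample EHLO replies (not captured from any real host).
DIRECT_EHLO = ("250-mail.example.org Hello client\r\n250-SIZE 52428800\r\n"
               "250-PIPELINING\r\n250-STARTTLS\r\n250 HELP\r\n")
PROXIED_EHLO = ("250-mail.example.org Hello client\r\n250-SIZE 52428800\r\n"
                "250-PIPELINING\r\n250 HELP\r\n")  # STARTTLS no longer offered

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def ehlo_extensions(reply):
    """Return the ESMTP keywords advertised in a multi-line 250 EHLO reply."""
    keywords = set()
    lines = [line for line in reply.splitlines() if line]
    for index, line in enumerate(lines):
        match = _REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError("not a successful EHLO reply: %r" % line)
        if index == 0:
            continue  # first line is the greeting, not an extension
        words = match.group(3).split()
        if words:
            keywords.add(words[0].upper())
    return keywords


def may_send(reply, require_tls=True):
    """Fail closed: with require_tls set, refuse when STARTTLS is missing."""
    return (not require_tls) or "STARTTLS" in ehlo_extensions(reply)


def callback_verdict(null_sender_rcpt, named_sender_rcpt):
    """Classify a callback from two RCPT TO reply codes for one recipient.

    null_sender_rcpt is the code seen after MAIL FROM:<>, named_sender_rcpt
    the code seen after a non-empty sender address.
    """
    if 200 <= null_sender_rcpt < 300:
        return "ok"
    if 200 <= named_sender_rcpt < 300:
        # Refused only for <>: the callback result says nothing about the
        # recipient, and bounces to this host will not be accepted either.
        return "null-sender-blocked"
    return "recipient-rejected"
```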