Re: [Exim] [SOLVED] Relay exploit in 3.36

Author: list-exim-users
Date:  
To: exim-users
Subject: Re: [Exim] [SOLVED] Relay exploit in 3.36
Hello list-exim-users,

Thank you for the suggestions. I should have been watching the debug a
little more closely. There was no problem with exim. It was an
Exim/Vmail-sql issue and nothing was wrong with vmail-sql either.

There was a forwarder directing email to the user's email address.

Boy do I feel dumb. :{

--
Best regards,
 list-exim-users                            mailto:list-exim-users@archrival.net


Thursday, September 5, 2002, 10:32:07 AM, you wrote:
===8<==============Original message text===============
leu> Hello exim-users,


leu> [There must be a less intrusive method to submit potential bug
leu> reports. I know you have to be active in the community, but joining a
leu> mailing list simply to submit a potential bug report? It's so
leu> intrusive on this end and likely we're missing a lot of bugs doing
leu> it this way from people who would otherwise submit to perhaps a web
leu> forum? I find that less intrusive. It takes quite a number of steps to
leu> get to this point.]


leu> At any rate, here's a message I sent to the Postmaster (no other
leu> contact addresses) who directed me here. After shirking the idea off
leu> for a day I felt it necessary to go to the lengths to set up to receive
leu> this mailing list. Sheesh.


leu> ------------------------------------------------------------------------
leu> Apologies if this is not the correct address. If it is not, could you
leu> please forward this to the correct one? Thank you.


leu> It appears there is an exploit in Exim concerning allowing relaying to
leu> external SMTP servers.


leu> Our "local_domains" directive looks like this:


leu> local_domains = localhost:a-local-domain.com:mysql;select domain_name from domain
leu> where domain_name='$key'


leu> Now, this should allow relaying to domains that are hosted by our
leu> system, or that we specifically want to relay to and it does do that.
leu> However, it also allows relaying to servers we do not want to send to.


leu> Here's a concrete, tested example on our system:


leu> A local domain, 'local-domain.com'[edited], is on our system but has no email
leu> capabilities. It is simply active as an HTTP property. Now, when
leu> sending an email with this as the To: field -->


leu> [Edited from real, concrete example address that was causing problems]


leu> "non-local@???" <anything@???>
leu> (please do not contact the email address above, as it is one of our
leu> clients)


leu> The email is relayed to 'non-local-domain.com'[edited] which we do NOT want to relay
leu> to. It does this because apparently it looks at the
leu> 'local-domain.com'[edited]
leu> portion and decides that the email address is local, but it uses the
leu> non-local "non-local@???"[edited] email address for
leu> sending.


leu> Is this a known exploit and is there a way around it? I didn't see any
leu> mention in the FAQs concerning it.


leu> Thanks for any help that you may be able to provide, and thank you for
leu> Exim, great software!
leu> ------------------------------------------------------------------------


leu> Any ideas on this? Am I doing something wrong or is this an actual
leu> exploit?


leu> --
leu> Best regards,
leu>  list-exim-users                          mailto:list-exim-users@archrival.net






===8<===========End of original message text===========