sendmail 8.11.6 relaying hole?
 

I am blocking all relaying and only accepting mail for my domains so I go and test this with telnet 0 25 and get...

mail from:spamtest@<my domain>
250 spamtest@<my domain> ... Sender ok
rcpt to: user@<yahoo.com>
554 user@<yahoo.com>... Relay operation rejected

So I thought all was all good but decide to test against ordb.org anyhow, and to my surprise I fail. A close look at their headers and they know an exploit that I can not find a resolution to. So I try again, with their hack, and I can slide it through as well.

again telnet by hand to the mail port, to test on your own replace info inside < > with your own info

mail from:<bogus user>@<mydomain.com>
250 <bogus user>@<mydomain.com>...Sender ok
rcpt to:<user>%yahoo.com@<mydomain.com>
250 <user>%yahoo.com@<mydomain.com> ... Recipient ok

type any data after that I want and it delievers it straight to yahoo for me. I can not find any documentation on this at sendmail and searching on google has not turned up any hints for me yet.

Any suggestions on how to correct this will be greatly appreciated.

oh and by the way I pass all of abuse.net's tests...

-btb

sendmail.org'santi-spam page, somewhere around "FEATURE(`loose_relay_check')"?