LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-28-2002, 05:38 PM   #1
b_t_b
LQ Newbie
 
Registered: May 2002
Posts: 1

Rep: Reputation: 0
Question sendmail 8.11.6 relaying hole?


I am blocking all relaying and only accepting mail for my domains so I go and test this with telnet 0 25 and get...

mail from:spamtest@<my domain>
250 spamtest@<my domain> ... Sender ok
rcpt to: user@<yahoo.com>
554 user@<yahoo.com>... Relay operation rejected

So I thought all was all good but decide to test against ordb.org anyhow, and to my surprise I fail. A close look at their headers and they know an exploit that I can not find a resolution to. So I try again, with their hack, and I can slide it through as well.

again telnet by hand to the mail port, to test on your own replace info inside < > with your own info

mail from:<bogus user>@<mydomain.com>
250 <bogus user>@<mydomain.com>...Sender ok
rcpt to:<user>%yahoo.com@<mydomain.com>
250 <user>%yahoo.com@<mydomain.com> ... Recipient ok

type any data after that I want and it delievers it straight to yahoo for me. I can not find any documentation on this at sendmail and searching on google has not turned up any hints for me yet.

Any suggestions on how to correct this will be greatly appreciated.

oh and by the way I pass all of abuse.net's tests...

-btb

Last edited by b_t_b; 05-29-2002 at 05:40 PM.
 
Old 06-03-2002, 02:00 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
sendmail.org'santi-spam page, somewhere around "FEATURE(`loose_relay_check')"?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sendmail relaying CuriousOne Linux - Networking 1 08-05-2005 04:43 PM
Sendmail relaying linuxpyro Linux - Software 0 05-26-2004 05:05 PM
Sendmail and Relaying Hessian Rider Linux - Networking 2 03-04-2003 08:53 AM
ISS Discovers A Remote Hole In Sendmail MikeeX Linux - Security 0 03-03-2003 03:06 PM
sendmail relaying atin Linux - Software 1 10-01-2002 11:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration