Re: [cobalt-users] SMTP hole maybe - any ideas
- Subject: Re: [cobalt-users] SMTP hole maybe - any ideas
- From: Andreas Banze <andreas@xxxxxxxx>
- Date: Wed Jun 4 04:34:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Wed Jun 04, 2003 - 11:55:22AM, Ian wrote:
Hmmm... seems to be harder than anticipated...
> It seems unbelievable that this can happen to be honest. With this
> scenario it would surely mean that the server's own SMTP server can be used
> to send spam mail to people on that server with no method of tracing the
> culprit's normal mail route.
There are log files and Received-Kludges in mails, so there is a trace.
Check the header of the mail you mentioned in your former mail.
> i.e. they look for a company that provides hosting that in some cases
> lists a large number of their clients, for which that spammer then picks a
> domain as its sending email address and then sends loads of spam to the
> other domains, in that first domain's name in effect. Surely can't be
> right....
You did miss the point: If the mail server knows it is responsible for the
receiver or if the sender is known (there is a reason I wrote that the
sender normally is not determined by the email address).
Anyone can send any spam to any address as long as it is either known or
guessable. So if you write on this list, your email address is in the list
archive that is accessible on the web. Harvesters will get it and voila,
you get spam. Add postmaster@, webmaster@, info@ to the addresses connected
to your domain and with any luck you'll get 4 of them. You don't need to
have any local address as sender and that's not the point here.
The validity of a sender is mostly determined by:
- the smtp-server feels responsible for the recipient (normally no further
  check is done - it relays the mail to this recipient)
- the ip address of the sending host (client or server) is known and allowed
  to relay (e.g. ISP dialin-pools, office nets and so on)
- there is some way of authentication involved (smtp-auth or smtp-after-pop)
In these cases the mail gets relayed.
Surely your office is allowed to relay through your raq3, otherwise nobody
in your office would be allowed to send mail to the outside world.
Additionally you sent the mail to a "local" address, so it got relayed
anyway.
Because your raq3 doesn't know about the outside MX (it is told by
configuration that it is the host that handles your domain) it'll deliver
the mail locally so there is no pop3 involved.
> Any one else got any ideas of stopping this...
I'm not a native speaker, but I'll do anything needed to explain to you that
your raq3 does anything that it is supposed to do. Just because any other
mailserver in the world knows another host is MX for your domain doesn't
mean your raq3 cares about it (and it doesn't need to).
It's not an exploit, it's not a security problem and for god's sake it's not
a new way to send spam.
It is the result of a crude hack to allow you to use an smtp server behind a
dialin connection and the fact that your smtp server doesn't know about this
hack.
Kind regards
Andreas Banze
--
There are two means of refuge from the miseries of life: music and cats.
-- Albert Schweitzer
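The three relay criteria Andreas lists (server responsible for the recipient, client address allowed to relay, client authenticated) and his remark that the Received headers carry a trace can be modelled in a few lines. The following is an added example written for this archive page, not code from the thread or from the Cobalt RaQ software; the domain example.com, the office network 192.0.2.0/24, the client addresses and the sample headers are all constructed values. It shows why a message with a spoofed local sender and a local recipient is accepted without any check of the sender address, why the same client is refused when the recipient is remote, and how the oldest Received: line points back at the injecting host.

```python
"""Added example (not from the original thread): a toy model of the SMTP
relay decision described in the message, plus a reader for the Received:
trace the author points to. All hosts, addresses and networks are
constructed sample values for a hypothetical server handling example.com."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Hypothetical configuration: the server is responsible for example.com and
# lets the (constructed) office network 192.0.2.0/24 relay without auth.
LOCAL_DOMAINS = {"example.com"}
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass
class Session:
    client_ip: str       # address the SMTP connection came from
    authenticated: bool  # SMTP AUTH or SMTP-after-POP succeeded
    mail_from: str       # envelope sender (never checked below, on purpose)
    rcpt_to: str         # envelope recipient


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def relay_decision(s: Session) -> tuple[bool, str]:
    """Apply the three criteria from the message in order. MAIL FROM is not
    consulted at all, which is why a spoofed local sender is irrelevant."""
    if domain_of(s.rcpt_to) in LOCAL_DOMAINS:
        return True, "server is responsible for the recipient (local delivery)"
    ip = ipaddress.ip_address(s.client_ip)
    if any(ip in net for net in RELAY_NETWORKS):
        return True, "client address is in an allowed relay network"
    if s.authenticated:
        return True, "client authenticated (smtp-auth / smtp-after-pop)"
    return False, "relaying denied: recipient not local, client unknown and unauthenticated"


# Constructed sessions covering the cases discussed in the thread.
SAMPLE_SESSIONS = {
    "spoofed local sender, local recipient": Session("203.0.113.77", False, "boss@example.com", "staff@example.com"),
    "outside client, remote recipient": Session("203.0.113.77", False, "boss@example.com", "someone@example.net"),
    "office client, remote recipient": Session("192.0.2.25", False, "me@example.com", "friend@example.net"),
    "dialin client with smtp-auth": Session("198.51.100.9", True, "me@example.com", "friend@example.net"),
}


def run_sessions() -> dict[str, bool]:
    """Accept/deny result for every sample session, keyed by its label."""
    return {name: relay_decision(s)[0] for name, s in SAMPLE_SESSIONS.items()}


# Matches "Received: from <name> (... [<ip>]) by <host>" after unfolding.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\(.*?\[(\d+\.\d+\.\d+\.\d+)\]\)\s+by\s+(\S+)"
)


def trace_received(raw_headers: str) -> list[dict]:
    """Return the Received: chain oldest hop first, i.e. the path back toward
    the host that injected the message (the trace the author refers to)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # join continuation lines
    hops = []
    for line in unfolded.splitlines():
        m = RECEIVED_RE.match(line)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return list(reversed(hops))  # headers are newest-first; reverse to oldest-first


# Constructed headers: a spoofed local sender injected from an outside
# address into the server responsible for example.com, then delivered locally.
SAMPLE_HEADERS = """\
Received: from mail.example.com (localhost [127.0.0.1])
\tby mail.example.com (local delivery) id DEF456
\tfor <staff@example.com>; Wed, 4 Jun 2003 11:50:02 +0100
Received: from unknown (HELO mail.example.com) ([203.0.113.77])
\tby mail.example.com with SMTP; Wed, 4 Jun 2003 11:50:01 +0100
From: boss@example.com
To: staff@example.com
"""

if __name__ == "__main__":
    for name, s in SAMPLE_SESSIONS.items():
        ok, why = relay_decision(s)
        print(f"{'ACCEPT' if ok else 'REJECT'}  {name}: {why}")
    for hop in trace_received(SAMPLE_HEADERS):
        print(f"hop: from {hop['from']} [{hop['ip']}] by {hop['by']}")
```

Running it accepts the spoofed-sender message (the recipient is local), refuses the same outside client when the recipient is remote, and lists 203.0.113.77 as the first hop of the trace, which is exactly the information an administrator reads from the mail header and the server's log to see where a message really came from.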