[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] SMTP hole maybe - any ideas
- Subject: Re: [cobalt-users] SMTP hole maybe - any ideas
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Thu Jun 5 07:47:27 2003
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Ian wrote:
> Came across what seems like a weird exploit, which I am not sure is across all, or just
> generic to us.
I guess I'm a bit myopic, so far what you've explained doesn't sound
like an exploit.
> If we send an email to an email address that is located on our raq3 and send it from
> another email address that is also on the same raq3, then it is relayed without any
> prevention what so ever and without any POP3 account being polled as per the pop b4 smtp
> system.
I'm not sure what you mean. You say you're using the server to send to
an email address on the same server? That's not relaying; that's local
delivery.
> It seems that if a person knows of domains on a server, they could send emails purporting
> to come from other users on the ssame server without any problem what so ever.
Anyone can connect to your mail server to send mail to accounts on your
server. If they couldn't then your server couldn't receive email from
anyone.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";