Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2
From: roberto () EUROCONTROL FR (Ollivier Robert)
Date: Mon, 19 Jul 1999 18:33:17 +0200

According to David Luyer:
Users of sendmail 8.9.x of course have no problem, neither do those who
have updated their mail relay prevention rulesets recently, but I think
there are enough RedHat 5.0, 5.1 and 5.2 users who are unaware of the
problem to make it worth sending this out.

Note that both Postfix and qmail are immune to this problem even though the
smtpd daemon answer "250" to the RCPT TO command. Due ot the architecture
of both programs, smtpd has no way to validate or not the "user" part of
the address and the mail will bounce (i.e. il will NOT be relayed).

Exim doesn't seem to be vulnerable (dixit P. Hazel in a discussion accross
postfix and exim mailing-lists).

Ollivier ROBERT -=- Eurocontrol EEC/TEC -=- roberto () eurocontrol fr
The Postman hits! The Postman hits! You have new mail.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]