Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2
From: daniele () ORLANDI COM (Daniele Orlandi)
Date: Sat, 24 Jul 1999 13:37:56 +0200


Matt Dunn wrote:

Actually, the default install of 8.9.3 does NOT in and of itself fix this
problem. I'm looking into the rulesets that will specifically handle this.

The vulnerable rules seem to be the ones from Claus Aussman and many derived
from them, including a set of rules I wrote by myself.
I fixed them by replacing the part which checks for a local recipient with the
more complex set from RedHat 6.0 that appears to take care of dequoting the
recipient address.

I hope this could be of help for users of home-made rules.

# remove local part, maybe repeatedly
R$*<@$=w.>$*                    $>3 $1 $3
# If you want to use RelayTo uncomment the following line
R$*<@$*$={RelayTo}.>$*          $>3 $1 $4
R$*<@$+>$*                      $#error $@ 5.7.1 $: "571 Relay denied"

--------------------Replace with:

# remove local part, maybe repeatedly
R$+                             $:$>removelocal $1
# still something left?
R$*<@$+>$*                      $#error $@ 5.7.1 $: "571 Relay denied"

Sremovelocal
# remove RelayTo part (maybe repeatedly)
R$*<@$*$={RelayTo}.>$*          $>3 $1 $4
R$*<@$=w.>$*                    $: $>removelocal $>3 $1 $3
R$*<@$*>$*                      $@ $1<@$2>$3
# dequote local part
R$-                             $: $>3 $(dequote $1 $)
R$*<@$*>$*                      $: $>removelocal $1<@$2>$3

Bye!

--
 Daniele

-------------------------------------------------------------------------------
 Daniele Orlandi - Utility Line Italia
 Via Mezzera 29/A - 20030 - Seveso (MI) - Italy
-------------------------------------------------------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]