Home page logo

bugtraq logo Bugtraq mailing list archives

NTmail exploit
From: "Geo." <georger () nls net>
Date: Mon, 18 Sep 2000 08:51:35 -0400

I saw someone report an exploit for NTmail version 3 and just wanted to post
that it's possible to use this againt NTmail version 5e and 5g as well.

Basically the exploit is this, NTmail has a "local mail only" feature where
either the from or to address must be a locally hosted address. This feature
is totally broken in that if you use

mail from; <-note semi-colon instead of colon

NTmail will pass the mail with a non-local TO address and in doing so
totally hoses up the from address.

What this means is that every NTmail server on the net that is not limited
by an IP address range is a wide open relay.

Cure: Open the web configuration interface, go to "incoming" then to the
"redirect" tab and add a new rule. In the "mail clause" field type in
"from;*" without the quotes and then set it to either refuse or redirect the
mail as you like.

I tried to post this to the NTmail support list but it is a moderated list
and Gordano refuses to allow the message to pass in order to warn all NTmail
admins. So I'm posting this to the security lists in order to get
notification of the exploit and at least one possible fix out to as many
people as possible. I'm still talking to Gordano but at this time it doesn't
look like they are going to fix this.


  By Date           By Thread  

Current thread:
  • NTmail exploit Geo. (Sep 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]