This is my second attempt to post this message. I suspect Declude swallowed my first, due to the very issue I'm trying to report here :(

Also, this is NOT encouraging...

> Unknown user: [EMAIL PROTECTED]

Here's my original post, I had to manually block my secondary MX host from sending to my primary to get out of ORBZ in order to send this :(

----- Original Message -----
From: "Mike Lewinski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 4:29 PM
Subject: Imail 7.03 anti-relay provisions have a hole

I don't know if this has been noted before, Imail 7.03 appears to have a vulnerability allowing anyone to relay through a backup MX host. This happens with the syntax:

    [EMAIL PROTECTED]

where munged.com is a local domain, and external.com is a domain we should not be relaying for.

1) Primary and secondary MX hosts are both configured to relay for local addresses only (Using "relay mail for [addresses]") under the SMTP security tab.

2) Secondary MX host improperly accepts mail that should be rejected. Primary MX host then relays due to inherent trust relationship between the two.

3) Both are running latest 7.03

E.G., from an outside IP address if I do this:

    $ telnet 10.10.10.1 25
    Trying 10.10.10.1...
    Connected to 10.10.10.1.
    Escape character is '^]'.
    220 X1 NT-ESMTP Server mail.munged.com (IMail 7.03 7-1)
    ehlo me.outsidedomain.com
    250-mail.munged.com says hello
    250-SIZE 0
    250-8BITMIME
    250-DSN
    250-ETRN
    250 EXPN
    mail from:<[EMAIL PROTECTED]>
    250 ok
    rcpt to:<[EMAIL PROTECTED]>
    250 ok its for <[EMAIL PROTECTED]>
    data
    354 ok, send it; end with <CRLF>.<CRLF>
    From: Me <[EMAIL PROTECTED]>
    To: You <[EMAIL PROTECTED]>
    Subject: relay test

    this is BAD
    .
    250 Message queued
    quit
    221 Goodbye
    Connection closed by foreign host.

-----------

me%external.com is on an outside host that we shouldn't be relaying for, yet it is receiving this mail.
As a result we've been listed in orbz.org :(

Note that the primary server will reject [EMAIL PROTECTED] if sent directly to it. This sucks :(

Mike
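An added example, not part of the original post and not Ipswitch's code: a recipient check for a "relay for local addresses only" policy that also refuses source-routed local parts, applied even to a trusted peer such as a backup MX. It assumes the redacted recipient had the percent-style form suggested by `me%external.com`; `LOCAL_DOMAINS`, `parse_rcpt` and `rcpt_decision` are hypothetical names, and the sample addresses are constructed.

```python
# Added example: RCPT TO policy for a host that relays for local addresses only.
# Names and sample addresses are constructed for illustration.
LOCAL_DOMAINS = {"munged.com"}   # the local domain used in the post
ROUTING_CHARS = set("%!@")       # percent form, UUCP bang path, nested '@'


def parse_rcpt(arg):
    """Split the argument of RCPT TO:<...> into (local_part, domain)."""
    addr = arg.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    # Explicit source route "@relay1,@relay2:user@domain": judge the final address.
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("malformed address")
    return local, domain.lower().rstrip(".")


def rcpt_decision(arg, client_is_trusted=False):
    """Return the SMTP reply for one recipient.

    client_is_trusted marks a peer we relay for (for example the other MX).
    Trust covers ordinary relaying only: a local part that would be rewritten
    into another address is refused for every client, so a lenient peer cannot
    hand us a recipient we would have rejected directly.
    """
    try:
        local, domain = parse_rcpt(arg)
    except ValueError:
        return "501 bad address syntax"
    if domain not in LOCAL_DOMAINS:
        return "250 ok" if client_is_trusted else "550 relaying denied"
    if ROUTING_CHARS & set(local):
        return "550 source-routed recipient refused"
    return "250 ok"


if __name__ == "__main__":
    for rcpt in ("<user@munged.com>", "<me%external.com@munged.com>",
                 "<me@external.com>", "<@munged.com:me@external.com>"):
        print(rcpt, "->", rcpt_decision(rcpt))
```

Running the same check on both the primary and the backup MX keeps the two hosts' accept decisions identical, which is what the trust relationship between them depends on.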
