Tuesday, November 26, 2002 you wrote:

> Using special delimiters, it is possible to trick the SMTP service
> into relaying: RCPT TO:[EMAIL PROTECTED]

It is not possible in my testing unless the sender is authenticated or coming from an approved IP. In practice this seems to be a minimal and manageable problem except in the case where a backup MX is in the approved IP list. Then such a message can be relayed by the primary IMAIL server by sending the message through the backup MX server. Note that this is not restricted to only IMAIL servers used as backups.

> Is there any way to prevent this by changing the default delimiters?

The solution is to disallow relaying by backup MX servers. This also applies to store and forward servers, of course. For instance, if you had MS SMTP server on your same network and it was a backup MX to your IMAIL server AND your network was listed in your relay list, then someone could send a message through the backup and it would be relayed by the primary.

I do not believe changing the delimiter would work because the issue is more about the characters that can be used in the name portion of the address.

Another solution is to employ DECLUDE's probes test and set the action to hold. (See http://www.declude.com/ ) In fact this is the only solution I can contemplate if you have to allow relaying for a backup MX.

> Any comments?

This issue has been discussed and debated ad nauseam on the list. The majority opinion seems to be:

1) it is really not a vulnerability despite appearances
2) a "fix" would compromise the RFC for addresses
3) just do not allow relay from a backup MX
4) a warning should be added to the KB pages that deal with setting up a secondary server

In practice I've never observed a single piece of actual SPAM attempted through my servers using this method. However, I do record and block several attempts each month (12 or so) by various open relay tests, and they usually attempt to send by both primary and secondary. So if you get caught on one of these then you will become blacklisted as an open relay.

HTH - Terry Fritts
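
As an added example (not part of the original message, and not IMail or Declude code), the check below scans SMTP log lines on a backup MX for recipients whose domain is local but whose name portion carries a second routing hop, which is the case the message says slips through when the backup is on the primary's relay list. The delimiter set (`%`, `!`, an embedded `@`, and the leading `@host:` source route), the log layout, and the `example.com` / `other.example` names are assumptions; the message does not list them.

```python
import re

# Hypothetical: the domains this backup MX accepts mail for.
LOCAL_DOMAINS = {"example.com"}

# Assumed log layout: any line containing "RCPT TO:<address>".
RCPT_RE = re.compile(r"RCPT TO:\s*<?([^>\s]+)>?", re.IGNORECASE)

def classify_rcpt(addr, local_domains=LOCAL_DOMAINS):
    """Return 'local', 'relay' or 'embedded-route' for one RCPT TO address."""
    addr = addr.strip().strip("<>")
    if addr.startswith("@") and ":" in addr:
        return "embedded-route"            # @hop:user@host source route
    local, sep, domain = addr.rpartition("@")
    if not sep:
        local = addr                       # bare local part, no domain given
    elif domain.lower() not in local_domains:
        return "relay"                     # ordinary relay rules decide this one
    # Domain is ours, so the backup MX would accept it; a routing character
    # in the name portion means the next server may see a different target.
    if any(ch in local for ch in "%!@"):
        return "embedded-route"
    return "local"

def scan_log(lines):
    """Return (line_number, address) for every embedded-route recipient."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = RCPT_RE.search(line)
        if match and classify_rcpt(match.group(1)) == "embedded-route":
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    "11:26 10:01:02 [203.0.113.7] RCPT TO:<alice@example.com>",
    "11:26 10:01:09 [203.0.113.7] RCPT TO:<user%other.example@example.com>",
    "11:26 10:01:15 [203.0.113.7] RCPT TO:<other.example!user@example.com>",
    '11:26 10:01:21 [203.0.113.7] RCPT TO:<"user@other.example"@example.com>',
    "11:26 10:01:27 [203.0.113.7] RCPT TO:<@example.com:user@other.example>",
    "11:26 10:01:33 [203.0.113.7] RCPT TO:<bob@other.example>",
]

if __name__ == "__main__":
    for number, address in scan_log(SAMPLE_LOG):
        print(f"line {number}: hold for review: {address}")
```

Recipients flagged this way are candidates for a hold action on the backup MX rather than outright rejection, since these characters are permitted in the name portion of an address.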
