The original RCPT.CFM from FusionMail 1 contains the following:

=========================
<!--- here we need to see if the sender of the mail is local to the iMS server --->
        <cfset username=#smtpfrom#>
        <cfset AmpPos=find("@",username,"1")>
        <cfif AmpPos gt 0>
                <cfset username=left(username,evaluate(AmpPos-1))>
        </cfif>
        <cfquery name="getlocalsender" datasource="#iMS#">
                SELECT DISTINCT pops.accountnum
                FROM ((pops INNER JOIN aliases ON pops.accountnum=aliases.accountnum)
                INNER JOIN domainaliases ON pops.domain=domainaliases.domainid)
                INNER JOIN domains ON pops.domain=domains.domainid
                WHERE aliases.alias='#username#'
                AND domainaliases.domain='#fromdomain#'
                AND domains.domaintype=1
        </cfquery>

        <cfif getlocalsender.recordcount gt 0>
                <inlog text="relay was sent from rcpt.cfm">
                <cfoutput>
                <inlog text="user name = #username#">
                </cfoutput>
                result=relay
                <cfabort>
        <cfelse>
===================================

where I reformatted it a bit some time ago and added 2 log entries.

Today I notice my SMTP log contains many of the following:

=================================
10/15/2002 06:30:37 PM [032] 66.123.210.58 [66.123.210.58] Disconnected (1 total)
10/15/2002 06:30:53 PM [021] 66.123.210.58 [66.123.210.58] Connected (1 total)
10/15/2002 06:30:53 PM [021] relay was sent from rcpt.cfm
10/15/2002 06:30:53 PM [021] user name = HCH
10/15/2002 06:31:14 PM [021] RELAY 66.123.210.58 [66.123.210.58] <[EMAIL PROTECTED]> "daniel relationshipsthatwork.com"@hypnotherapytraining.com 510576
10/15/2002 06:31:14 PM [021] 66.123.210.58 [66.123.210.58] Disconnected (1 total)
10/15/2002 06:31:20 PM [003] 66.123.210.58 [66.123.210.58] Connected (1 total)
10/15/2002 06:31:21 PM [003] MAIL 66.123.210.58 [66.123.210.58] <> [EMAIL PROTECTED] 473
==============================

where [EMAIL PROTECTED] is an account on iMS.

Is this demonstrating that someone can spoof an iMS account address and 
relay mail thru iMS?
(Note that the login name and alias for the account 
[EMAIL PROTECTED] are the same, namely "HCH")

best,  paul
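
An added example, not part of the original post or of iMS: the RCPT.CFM check above decides on the envelope sender (`smtpfrom`), a value the connecting client supplies, so one way to review the log is to list every relay grant from rcpt.cfm together with the IP address it was granted to. The trusted network, the sample log lines (constructed, using documentation IPs) and the reading of the `[NNN]` field as a per-connection id are assumptions.

```python
import ipaddress
import re

# Assumption: networks your own users send from; adjust to your site.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

LINE = re.compile(r"^(\S+ \S+ [AP]M) \[(\d+)\] (.*)$")
CONNECTED = re.compile(r"^(\S+) \[[^\]]*\] Connected\b")

# Constructed sample in the format of the log excerpt above (documentation IPs).
SAMPLE_LOG = """\
10/15/2002 06:30:53 PM [021] 192.0.2.58 [192.0.2.58] Connected (1 total)
10/15/2002 06:30:53 PM [021] relay was sent from rcpt.cfm
10/15/2002 06:30:53 PM [021] user name = HCH
10/15/2002 06:31:14 PM [021] 192.0.2.58 [192.0.2.58] Disconnected (1 total)
10/15/2002 06:32:01 PM [007] 10.1.2.3 [10.1.2.3] Connected (1 total)
10/15/2002 06:32:01 PM [007] relay was sent from rcpt.cfm
10/15/2002 06:32:01 PM [007] user name = HCH
10/15/2002 06:32:05 PM [007] 10.1.2.3 [10.1.2.3] Disconnected (1 total)
"""

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_relay_grants(log_text):
    """Return (timestamp, client_ip, username) per relay grant not tied to a trusted IP."""
    client_by_slot = {}   # assumption: the [NNN] field identifies one connection
    pending = {}          # slot -> index of the finding awaiting its "user name" line
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, slot, text = m.groups()
        conn = CONNECTED.match(text)
        if conn:
            client_by_slot[slot] = conn.group(1)
            pending.pop(slot, None)
        elif text == "relay was sent from rcpt.cfm":
            ip = client_by_slot.get(slot)   # None if no Connected line was seen
            if ip is None or not is_trusted(ip):
                findings.append([stamp, ip, None])
                pending[slot] = len(findings) - 1
        elif text.startswith("user name = ") and slot in pending:
            findings[pending.pop(slot)][2] = text[len("user name = "):]
    return [tuple(f) for f in findings]
```

The two marker strings it matches are the custom log entries added to RCPT.CFM in the post; a grant with no preceding Connected line is reported with a client IP of `None` rather than skipped.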
