If that was not the real user relaying the mail then, yes, it's a spoof.  That's why we implemented SMTP authentication here.

Regards,

Howie

----- Original Message -----
From: <[EMAIL PROTECTED] (paul smith)>
To: "inFusion Support List" <[EMAIL PROTECTED]>
Sent: Tuesday, October 15, 2002 9:42 PM
Subject: [iMS] Relay?


> The original RCPT.CFM from FusionMail 1 contains the following:
>
> =========================
> <!--- here we need to see if the sender of the mail is local to the iMS
> server --->
> <cfset username=#smtpfrom#>
> <cfset AmpPos=find("@",username,"1")>
> <cfif AmpPos gt 0>
> <cfset username=left(username,evaluate(AmpPos-1))>
> </cfif>
> <cfquery name="getlocalsender" datasource="#iMS#">
> SELECT DISTINCT pops.accountnum
> FROM ((pops INNER JOIN aliases ON pops.accountnum=aliases.accountnum)
> INNER JOIN domainaliases ON pops.domain=domainaliases.domainid)
> INNER JOIN domains ON pops.domain=domains.domainid
> WHERE aliases.alias='#username#'
> AND domainaliases.domain='#fromdomain#'
> AND domains.domaintype=1
> </cfquery>
>
> <cfif getlocalsender.recordcount gt 0>
> <inlog text="relay was sent from rcpt.cfm">
> <cfoutput>
> <inlog text="user name = #username#">
> </cfoutput>
> result=relay
> <cfabort>
> <cfelse>
> ===================================
>
> where I reformatted it a bit some time ago and added 2 log entries.
>
> Today I notice my SMTP log contains many of the following:
>
> =================================
> 10/15/2002 06:30:37 PM [032] 66.123.210.58 [66.123.210.58] Disconnected (1 total)
> 10/15/2002 06:30:53 PM [021] 66.123.210.58 [66.123.210.58] Connected (1 total)
> 10/15/2002 06:30:53 PM [021] relay was sent from rcpt.cfm
> 10/15/2002 06:30:53 PM [021] user name = HCH
> 10/15/2002 06:31:14 PM [021] RELAY 66.123.210.58 [66.123.210.58] <[EMAIL PROTECTED]> "daniel relationshipsthatwork.com"@hypnotherapytraining.com 510576
> 10/15/2002 06:31:14 PM [021] 66.123.210.58 [66.123.210.58] Disconnected (1 total)
> 10/15/2002 06:31:20 PM [003] 66.123.210.58 [66.123.210.58] Connected (1 total)
> 10/15/2002 06:31:21 PM [003] MAIL 66.123.210.58 [66.123.210.58] <> [EMAIL PROTECTED] 473
> ==============================
>
> where [EMAIL PROTECTED] is an account on iMS
>
> Is this demonstrating that someone can spoof an iMS account address and
> relay mail thru iMS?
> (Note that the login name and alias for the account
> [EMAIL PROTECTED] are the same, namely "HCH")
>
> best,  paul
>
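
Added example, not part of the original thread and not iMS or FusionMail code: a Python model of the RCPT-stage relay decision discussed above, showing the sender-based check from the quoted RCPT.CFM excerpt beside a check that relays only for authenticated sessions or trusted networks. The domains, aliases, networks, the `Session` fields and the "local recipient is delivered first" step are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data (assumptions, not values from the thread).
LOCAL_DOMAINS = {"example.org"}
LOCAL_ALIASES = {("hch", "example.org")}      # (alias, domain) pairs hosted here
TRUSTED_NETS = [ip_network("192.0.2.0/24")]   # e.g. the office LAN

@dataclass
class Session:
    client_ip: str
    mail_from: str                    # envelope sender: chosen freely by the client
    rcpt_to: str
    auth_user: Optional[str] = None   # set only after a successful SMTP AUTH

def split_addr(addr):
    """Return (local part, domain) in lower case; the null sender <> gives ('', '')."""
    local, sep, domain = addr.strip("<>").rpartition("@")
    return (local.lower(), domain.lower()) if sep else (domain.lower(), "")

def rcpt_is_local(s):
    return split_addr(s.rcpt_to)[1] in LOCAL_DOMAINS

def decide_sender_based(s):
    """Models the sender check in the quoted excerpt: a local MAIL FROM earns relay."""
    if rcpt_is_local(s):
        return "deliver"
    return "relay" if split_addr(s.mail_from) in LOCAL_ALIASES else "reject"

def decide_authenticated(s):
    """Relay is tied to who the client proved to be, never to what MAIL FROM claims."""
    if rcpt_is_local(s):
        return "deliver"              # inbound mail needs no relay permission
    if s.auth_user is not None:
        return "relay"
    if any(ip_address(s.client_ip) in net for net in TRUSTED_NETS):
        return "relay"
    return "reject"

if __name__ == "__main__":
    # Unauthenticated outside client claiming a local envelope sender.
    spoof = Session("203.0.113.9", "<HCH@example.org>", "<someone@example.net>")
    print("sender-based :", decide_sender_based(spoof))
    print("authenticated:", decide_authenticated(spoof))
```
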