On Mon, Aug 02, 1999 at 12:41:31PM -0400, Timothy L. Mayo wrote:
> ETRN DOES require the server to open a NEW SMTP connection to the domain
> that is being transferred.  THAT IS THE DIFFERENCE BETWEEN ETRN AND TURN.
> Please go back and reread the RFCs.  ETRN IS secure.
> 
> RFC 1985, Section 3, third paragraph:
> 
> "The security loophole is avoided by asking the server to start a new
> connection aimed at the specified client."
> 
> > but this is not the case (and can not be, as RFC1985 section 5 says
> > the given domain is allowed to resolve to only an MX, hence is allowed

Could you clarify one thing for me:

If I am [EMAIL PROTECTED], and I want to get all mail for
victim.org, what would happen in the following scenario:

I have root privileges for attacker.org, and for the purpose of attack
I will accept mail destined for victim.org.

I issue an ETRN command, with the @host extension, and wait for email
to come to my mailboxes at attacker.org.

I don't see any restrictions in the RFC regarding how host selection
happens, so I infer from the RFC that it's based on the 'helo'.  Is
this right?  Does ETRN work this way?


-- 
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.
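
A small model of the TURN/ETRN difference discussed in this thread, added here as an illustration and not part of the original message or of any mail server's code. The queue contents, MX table, host names and function names are constructed, and it assumes the server routes queued mail through its ordinary MX lookup.

```python
# Constructed sample data: every name and message id below is illustrative.
MX_TABLE = {  # what the server's own resolver returns for each queued domain
    "victim.example": ["mail.victim.example"],
    "lists.victim.example": ["mail.victim.example"],
    "attacker.example": ["mail.attacker.example"],
}
QUEUE = {  # mail held on the server, keyed by recipient domain
    "victim.example": ["msg-1", "msg-2"],
    "lists.victim.example": ["msg-3"],
    "attacker.example": ["msg-4"],
}


class Session:
    """The inbound SMTP session that issues TURN or ETRN."""

    def __init__(self, peer_host, helo_name):
        self.peer_host = peer_host   # who is really connected
        self.helo_name = helo_name   # whatever the peer chose to say in HELO


def handle_turn(session, claimed_domain):
    """TURN model: roles reverse on the EXISTING connection, so the queued
    mail goes to whoever is on the other end, whatever domain they claim."""
    return [(session.peer_host, m) for m in QUEUE.get(claimed_domain, [])]


def handle_etrn(session, argument):
    """ETRN model: start a queue run over NEW outbound connections. The
    destination is taken from the server's MX lookup of each queued domain;
    session.peer_host and session.helo_name are never consulted."""
    subdomains = argument.startswith("@")  # RFC 1985 '@' option: subdomains too
    node = argument.lstrip("@").lower()
    deliveries = []
    for domain, messages in QUEUE.items():
        # Assumption: '@' covers the named domain as well as its subdomains.
        if domain == node or (subdomains and domain.endswith("." + node)):
            target = MX_TABLE[domain][0]
            deliveries += [(target, m) for m in messages]
    return deliveries


if __name__ == "__main__":
    s = Session("mail.attacker.example", helo_name="victim.example")
    print("TURN:", handle_turn(s, "victim.example"))
    print("ETRN:", handle_etrn(s, "@victim.example"))
```

In this model the only way to change where ETRN sends the mail is to change what the server's resolver returns for the queued domain, which is why the integrity of the DNS answers matters more than anything said in the triggering session.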
