On Mon, 2 Aug 1999, Peter C. Norton wrote:
> On Mon, Aug 02, 1999 at 12:41:31PM -0400, Timothy L. Mayo wrote:
> > ETRN DOES require the server to open a NEW SMTP connection to the domain
> > that is being transferred. THAT IS THE DIFFERENCE BETWEEN ETRN AND TURN.
> > Please go back and reread the RFCs. ETRN IS secure.
> >
> > RFC 1985, Section 3, third paragraph:
> >
> > "The security loophole is avoided by asking the server to start a new
> > connection aimed at the specified client."
> >
> > > but this is not the case (and can not be, as RFC1985 section 5 says
> > > the given domain is allowed to resolve to only an MX, hence is allowed
>
> Could you clarify one thing for me:
>
> If I am [EMAIL PROTECTED], and I want to get all mail for
> victim.org, what would happen in the following scenario:
>
> I have root privileges for attacker.org, and for the purpose of attack
> I will accept mail destined for victim.org.
>
> I issue an ETRN command, with the @host extension, and wait for email
> to come to my mailboxes at attacker.org.
>
> I don't see any restrictions in the rfc regarding how host selection
> happens, so I infer from the rfc that it's based on the 'helo'. Is
> this right? Does ETRN work this way?

No, destination selection is done using DNS or using the override
mechanism on the SERVER. (For qmail, this would be
/var/qmail/control/smtproutes). You can do whatever you wish on
attacker.org and unless you can hijack the DNS or in my case, get root
access to the server, you will NEVER receive the mail for ANY of my ETRN
customers.

ETRN says attempt to resend the mail for domain now. It says NOTHING
about where to send it. The server is expected to use its normal queue
processing to send the mail (i.e. normal destination IP determination;
normal SMTP communication - new connections, not the existing one; etc.)
>
>
> --
> The 5 year plan:
> In five years we'll make up another plan.
> Or just re-use this one.
>
---------------------------------
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Administrator
localconnect(sm)
http://www.localconnect.net/
The National Business Network Inc. http://www.nb.net/
One Monroeville Center, Suite 850
Monroeville, PA 15146
(412) 810-8888 Phone
(412) 810-8886 Fax
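
The behaviour described in the reply above, as an added example that is not part of the original message and is not qmail's code: a small Python model of a server answering `ETRN`, where the next hop comes only from a qmail-style `smtproutes` override or an MX table. The function names, hostnames, queue contents and MX table are constructed assumptions, and only the `domain` and `@domain` argument forms are modelled.

```python
# Toy model of server-side ETRN handling (RFC 1985); not qmail's code.
# Hostnames, queue contents and the MX table are constructed sample data.
SMTPROUTES = "victim.org:mail.victim.org:25\n"           # qmail-style override
MX_TABLE = {"sub.victim.org": "mx.sub.victim.org",       # stand-in for DNS MX
            "other.example": "mx.other.example"}
QUEUE = ["victim.org", "sub.victim.org", "other.example"]  # queued rcpt domains


def parse_smtproutes(text):
    """Parse 'domain:relay[:port]' lines into {domain: (relay, port)}."""
    routes = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2:
            continue                      # blank or malformed line
        port = int(parts[2]) if len(parts) > 2 and parts[2] else 25
        routes[parts[0].lower()] = (parts[1], port)
    return routes


def next_hop(domain, routes, mx_table):
    """Destination = server-side override, else the MX answer. Nothing else."""
    if domain in routes and routes[domain][0]:
        return routes[domain]
    return (mx_table[domain], 25) if domain in mx_table else None


def handle_etrn(command, client_helo, client_ip,
                queue=QUEUE, routes_text=SMTPROUTES, mx_table=MX_TABLE):
    """Return (reply, new_connections). client_helo and client_ip are taken
    only to show that they are never consulted when picking a destination."""
    verb, _, arg = command.strip().partition(" ")
    if verb.upper() != "ETRN":
        return "500 Syntax error", []
    if not arg.strip("@"):
        return "501 Syntax error in parameters", []
    node = arg.lstrip("@").lower()
    subdomains_too = arg.startswith("@")    # '@' form also covers subdomains
    selected = [d for d in queue
                if d == node or (subdomains_too and d.endswith("." + node))]
    if not selected:
        return f"251 OK, no messages waiting for node {node}", []
    routes = parse_smtproutes(routes_text)
    # Each entry is a NEW outbound SMTP connection, not the requester's session.
    return (f"252 OK, pending messages for node {node} started",
            [(d, next_hop(d, routes, mx_table)) for d in selected])
```

Calling `handle_etrn("ETRN @victim.org", "attacker.org", "203.0.113.9")` yields next hops at `mail.victim.org` and `mx.sub.victim.org`; changing the outcome requires changing the override file or the MX data, which are the two things the reply names.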