On Sat, 4 Sep 1999, Wietse Venema wrote:
Whatever reasoning the poster used, it is invalid with any reasonable
mail system, because it is the mail system that chooses the bounce
message originator address; the bounce message originator address
is not under control by the attacker.
In other
On Thu, Sep 02, 1999 at 12:01:40PM -0700, Technical Incursion Countermeasures wrote:
You can do a variation on this one (well sort opf - is a logstanding prob)
basically find two sites whose FW is conf'd to accept all mail and forward
it to the real mailserver. If this mailserver bounces
Scenario: mail from non-existent@domain1 to non-existent@domain2,
through SMTP servers that accept mail for non-existent addresses.
The poster suggests that the resulting bounce message will loop.
However, the poster fails to reveal the reasoning behind this.
Whatever reasoning the poster used,
You can do a variation on this one (well sort opf - is a logstanding prob)
basically find two sites whose FW is conf'd to accept all mail and forward
it to the real mailserver. If this mailserver bounces invalid addresses
then you're on your way...
spoof a mail from an invalid address on one
-- Forwarded message --
Date: Mon, 30 Aug 1999 21:08:14 +0200
From: Hakan Franzen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: I found this today and iam reporting it to you first!!!
Target: TFS mail system 4 (i think its working on earlier version aswell) (TFS just
got