[vchkpw] Advice Please

2004-11-01 Thread Bill Sappington
I seem to have discovered a relay vulnerability.  It seems that a rcpt 
to: in the form of,

 spamlart.homeunix.org!spamtest65.223.68.197
Gets past.  Any ideas??
I have checked as far as I can determine to eliminate this but it seems 
to still work.

- Bill


Re: [vchkpw] Advice Please

2004-11-01 Thread Ken Jones
On Monday 01 November 2004 05:47 pm, Bill Sappington wrote:
> I seem to have discovered a relay vulnerability.  It seems that a rcpt
> to: in the form of,
>
>    spamlart.homeunix.org!spamtest65.223.68.197
>
> Gets past.  Any ideas??

Check the log files to see if the email was actually relayed out.

> I have checked as far as I can determine to eliminate this but it seems
> to still work.

I bet it is either a misconfiguration of your server or
a bad interpretation of a relay test.

--
Ken Jones
inter7.com


Re: [vchkpw] Advice Please

2004-11-01 Thread Jeremy Kitchen
Your question is not related to vpopmail in any way.  I will assume that
it's a qmail question and advise that you take any further
correspondence with this post to the qmail list.

That being said:

On Mon, 2004-11-01 at 15:47 -0800, Bill Sappington wrote:
> I seem to have discovered a relay vulnerability.  It seems that a rcpt
> to: in the form of,
>
>    spamlart.homeunix.org!spamtest65.223.68.197
>
> Gets past.  Any ideas??

Right.  There's no @.  qmail will accept the message, try to deliver it
locally to the value of the control/defaultdomain file (or control/me if
the former doesn't exist), and subsequently bounce the message.

Regardless, where would you expect that message to go?  The envelope
recipient has no information that would make qmail know where to deliver
it.

This is not a vulnerability.  qmail is not doing anything bad here.

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
   GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc
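
The log check suggested earlier in the thread (did the test message actually leave the server?) can be done mechanically. The following is an added example, not code from any poster in this thread; the log lines are constructed in qmail-send's log format, and the host names, message numbers and function names are assumptions.

```python
import re

# Constructed qmail-send log (multilog TAI64N stamps); not from the thread.
# mail.example.net stands in for the local name qmail appended to the
# @-less recipient; all hosts, ids and addresses here are made up.
SAMPLE_LOG = """\
@4000000041868f2a0a1b2c3c new msg 93869
@4000000041868f2a0a1b3d4c info msg 93869: bytes 412 from <tester@example.org> qp 18695 uid 503
@4000000041868f2a0a1c4e5c starting delivery 71: msg 93869 to local host.example!probe@mail.example.net
@4000000041868f2a0b2d6a7c delivery 71: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@4000000041868f2a0b3e8c9c bounce msg 93869 qp 18701
@4000000041868f2a0b3e9dac end msg 93869
@4000000041868f300c4f1abc new msg 93870
@4000000041868f300c4f2bcc info msg 93870: bytes 388 from <tester@example.org> qp 18710 uid 503
@4000000041868f300c503cdc starting delivery 72: msg 93870 to remote user@elsewhere.example
@4000000041868f300d614dec delivery 72: success: 192.0.2.25_accepted_message./Remote_host_said:_250_ok/
@4000000041868f300d615efc end msg 93870
"""

START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
RESULT = re.compile(r"delivery (\d+): (success|failure|deferral):")

def deliveries(log_text):
    """Return one record per delivery attempt, joined with its outcome."""
    by_id = {}
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            by_id[m.group(1)] = {"msg": m.group(2), "channel": m.group(3),
                                 "rcpt": m.group(4), "result": None}
            continue
        m = RESULT.search(line)
        if m and m.group(1) in by_id:
            by_id[m.group(1)]["result"] = m.group(2)
    return list(by_id.values())

def relayed_out(log_text, needle):
    """Attempts for recipients containing `needle` that succeeded on the
    remote channel, i.e. mail that really left this server."""
    return [d for d in deliveries(log_text)
            if needle in d["rcpt"]
            and d["channel"] == "remote" and d["result"] == "success"]

if __name__ == "__main__":
    for d in deliveries(SAMPLE_LOG):
        print(d["msg"], d["channel"], d["result"], d["rcpt"])
```

An empty result from `relayed_out` for the test recipient means the relay test's "accepted" was only an SMTP-level accept followed by a local delivery attempt, not an outbound relay.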


