Wow, that's a nasty DOS trick. How can an attacker achieve this against James? It seems if you have specified <servernames> for domains you consider for local delivery, an outsider cannot do this to your server. But if one of your users (unwittingly) attempts to send mail to a domain whose MX record returns 127.0.0.1, you could be in trouble. Is this correct?
If that's the case, should James exercise more caution about use of loopback addresses? In other words, don't send to any address in 127.0.0.0/8 space unless it was expressed explicitly as an IP address in the config, and not if it came from a resolved hostname. ? -broc > -----Original Message----- > From: Lahu [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 15, 2005 6:47 AM > To: James Users List > Subject: Re: Urgent: Spam Backdoor in James? > > > I had a lot of problem identifying those domains who > had a published MX record of 127.0.0.1 and 127.0.0.1 > was in my authorized addresses list...! > so basically, this seems somewhat like my scenario.. > James is receving the same msg again and again > therefore inserting more and more RECEIVED tags. > > Regards, > Lahu --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
