At 9:06 PM -0400 9/17/01, Bill Cole wrote:
>...In looking at the ORBZ test sample, I suspect that the fix is
>simple: take ps00 out of the trusted client list on mail. As long as
>ps00 isn't trying to relay to the world through mail, it doesn't
>need to be in that list and all you get from adding it is this sort
>of openness. Sadly, spammers DO use this exact trick to pipe through
>other people's mail servers, so ORBZ is not just noting an obscure
>vulnerability that isn't a real risk.

Thanks Bill... I do see the "percent hack" in their test message. So
I removed ps00.west21.com (64.21.154.2) from the "client hosts" area
of my SMTP settings on mail.west21.com (204.89.131.70). Then I went
back to orbz and queued up another test. It still went through.

Is this now a SIMS issue? Are all SIMS secondary/primary server pairs
vulnerable?

Here are the headers from their two test messages...

<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>
Last Relayed Output Message
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 12569 invoked by uid 0); 17 Sep 2001 18:41:28 -0000
Received: from unknown (HELO 64.21.154.2) (64.21.154.2) by
205.231.149.25 with SMTP; 17 Sep 2001 18:41:28 -0000
Received: from [205.231.149.53] (HELO orbz.org) by 64.21.154.2
(Stalker SMTP Server 1.8b7) with SMTP id S.0011143041 for
<[EMAIL PROTECTED]>; Mon, 17 Sep 2001 14:27:20 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Mon Sep 17 18:25:33 2001
From: ORBZ Tester <[EMAIL PROTECTED]>
Errors-To: ORBZ Tester <[EMAIL PROTECTED]>
To: ORBZ Relay Accepter <[EMAIL PROTECTED]>
Subject: ORBZ Relay Test
...
This test is using the following SMTP envelope:
MAIL FROM:<[EMAIL PROTECTED]>
RCPT TO:<[EMAIL PROTECTED]>
<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>
Last Relayed Input Message
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 32696 invoked by alias); 18 Sep 2001 11:34:51 -0000
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 32693 invoked by uid 0); 18 Sep 2001 11:34:51 -0000
Received: from unknown (HELO mail.west21.com) (204.89.131.70) by
205.231.149.25 with SMTP; 18 Sep 2001 11:34:51 -0000
Received: from ps00.west21.com ([64.21.154.2] verified) by
mail.west21.com (Stalker SMTP Server 1.8b7) with ESMTP id
S.0004274568 for <[EMAIL PROTECTED]>; Tue, 18 Sep 2001
07:20:42 -0400
Received: from [205.231.149.53] (HELO orbz.org) by ps00.west21.com
(Stalker SMTP Server 1.8b7) with SMTP id S.0011144895 for
<[EMAIL PROTECTED]>; Tue, 18 Sep 2001 07:19:58 -0400
Message-ID: <[EMAIL PROTECTED]>
Date: Tue Sep 18 11:18:00 2001
From: ORBZ Tester <[EMAIL PROTECTED]>
Errors-To: ORBZ Tester <[EMAIL PROTECTED]>
To: ORBZ Relay Accepter <[EMAIL PROTECTED]>
Subject: ORBZ Relay Test
...
This test is using the following SMTP envelope:
MAIL FROM:<[EMAIL PROTECTED]>
RCPT TO:<[EMAIL PROTECTED]>
<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>
So now what? ;-(
___Joe___
_________________________________________________
Joseph D'Andrea [EMAIL PROTECTED]
WEST21.com Internet services for the 21st Century
http://www.west21.com/
_________________________________________________
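
Added example, not part of the original message and not SIMS/Stalker code: a Python model of the relay decision Bill describes, where a percent-hack recipient is reinterpreted and relayed once the secondary sits in the primary's trusted client list. The `reject_routed_local` switch, the rewrite rule and the recipient addresses are assumptions made for illustration; the hosts and IPs are the ones in the thread.

```python
import ipaddress

# Hosts are the ones named in the thread; the recipient addresses used with
# this code are constructed, since the originals are redacted on the page.
LOCAL_DOMAINS = {"west21.com", "mail.west21.com"}
TRUSTED_CLIENTS = {ipaddress.ip_address("64.21.154.2")}  # ps00.west21.com

def split_addr(rcpt):
    """Split '<local@domain>' at the last '@'."""
    local, _, domain = rcpt.strip().strip("<>").rpartition("@")
    return local, domain.lower()

def is_source_routed(local):
    """True if the local part embeds a route: percent hack, bang path or nested '@'."""
    return any(ch in local for ch in "%!@")

def relay_decision(client_ip, rcpt, reject_routed_local=True):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO on the primary."""
    local, domain = split_addr(rcpt)
    if domain not in LOCAL_DOMAINS:
        trusted = ipaddress.ip_address(client_ip) in TRUSTED_CLIENTS
        return "relay" if trusted else "reject"
    if not is_source_routed(local):
        return "deliver"
    if reject_routed_local:
        return "reject"  # hardened: never reinterpret a routed local part
    if "%" not in local:
        return "reject"
    # Legacy behaviour (assumed): turn the last '%' into '@' and re-evaluate.
    user, _, host = local.rpartition("%")
    return relay_decision(client_ip, f"{user}@{host}", reject_routed_local)

if __name__ == "__main__":
    probe = "<victim%example.net@mail.west21.com>"  # constructed recipient
    for ip in ("205.231.149.53", "64.21.154.2"):    # ORBZ tester, then ps00
        for hardened in (False, True):
            print(ip, hardened, relay_decision(ip, probe, hardened))
```

Rejecting routed local parts does not depend on the client list, so it can be applied on the secondary as well as the primary.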