It is rumored that on or about 2002-07-11 2:59 PM -0700, Warren Michelsen wrote as follows:

>> >However, it looks to me like SIMS does a lookup on
>>xxxxxxx.eton.ca, finds the IP is its own, and does not find a
>>router entry blocking xxxxxxx.eton.ca, and so is quite happy to
>>accept the mail.
>
>I can understand it accepting the mail for delivery from you, on a
>known, trusted client IP address, and dutifully trying to send it on
>to its destination. Why would it accept such mail from a non-client
>IP?

It looks to me like SIMS will accept mail from any non-blacklisted IP
that is deliverable to a domain *that resolves to its own IP* (as your
client from hell does). Your problem is not SIMS but the rogue DNS
entry that points to your mail server. A single router entry will stop
it.

>> >Of course the mail was undeliverable as was the automated SIMS
>>bounce so now I have 2 entries in my queue, both failed. All they
>>are doing is consuming disk space because SIMS has finished with
>>them both.
>> >
>> >As to whether this is a huge DOS hole, I don't think so, because
>>unless the mail is addressed to a domain with a valid DNS entry
>>that resolves to your mail server IP, it will never even arrive!
>
>Oh? What would happen if mail was addressed to a nonexistent account
>at the IP address <bogus@[192.168.1.1]>? Would it be rejected?

On your server, it appears that the answer is yes! Viz:

>telnet clientfromhell.com 25
>Trying 209.145.196.198...
>Connected to clientfromhell.com.
>Escape character is '^]'.
>220-Stalker Internet Mail Server V.1.8b9d11 is ready.
>220 ESMTP is spoken here. You are welcome
>helo mail.eton.ca
>250 MDCCLXXVI.com is pleased to meet you
>MAIL FROM: [EMAIL PROTECTED]
>250 [EMAIL PROTECTED] sender accepted
>RCPT TO: bogus@[192.168.1.1]
>571 bogus@[192.168.1.1] we do not relay.
>quit
>221 MDCCLXXVI.com closing connection
>Connection closed by foreign host.

--
Neil

Neil Herber, RGD     Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
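
Added example, not part of the original message and not SIMS code: a simplified model of the acceptance behaviour the message describes, showing why a stray DNS record pointing at the server gets mail accepted from outside and why one router entry stops it. The hostnames, IP addresses, the DNS table, the function names and the order of the checks are all assumptions made for illustration.

```python
import ipaddress

# Constructed data: stand-ins for DNS answers and server settings.
SERVER_IP = "203.0.113.25"
CLIENT_NETS = [ipaddress.ip_network("203.0.113.0/24")]
DNS = {
    "hosted.example": "203.0.113.25",
    "rogue.example": "203.0.113.25",     # record the admin never created
    "elsewhere.example": "198.51.100.7",
}


def target_ip(domain):
    """Return the IP a recipient domain points at, or None if unknown.

    A domain written as [a.b.c.d] is an address literal and needs no lookup.
    """
    if domain.startswith("[") and domain.endswith("]"):
        return domain[1:-1]
    return DNS.get(domain.lower())


def rcpt_decision(peer_ip, rcpt, blocked=()):
    """Classify one RCPT TO the way the message describes (assumed order)."""
    domain = rcpt.rsplit("@", 1)[1]
    # 1. A router entry for the domain wins over everything else.
    if domain.lower() in blocked:
        return "reject: blocked by router entry"
    # 2. Trusted client addresses may relay anywhere.
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in CLIENT_NETS):
        return "accept: trusted client, relay"
    # 3. Anyone may deliver to a domain that resolves to this server.
    if target_ip(domain) == SERVER_IP:
        return "accept: resolves to this server"
    # 4. Everything else is third-party relay.
    return "reject: 571 we do not relay"


if __name__ == "__main__":
    outsider = "192.0.2.10"              # constructed non-client address
    for rcpt, blocked in [
        ("user@rogue.example", ()),
        ("user@rogue.example", ("rogue.example",)),
        ("bogus@[192.168.1.1]", ()),
    ]:
        print(rcpt, blocked, "->", rcpt_decision(outsider, rcpt, blocked))
```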
