Looks like a bug in the address parser. That's too bad -- I just rewrote that code! Oh well, I'll get it fixed.
Thanks for reporting this! -- Sam Clippinger On 7/11/10 11:11 PM, Chris Boulton wrote: > Hi folks, > > After a recent scan of our servers (having only just deployed > spamdyke), we've discovered what we believe is a security issue with > spamdyke which will allow open relaying. > > It looks like the issue has to do with multiple recipients being > specified in the RCPT TO line, and the first recipient being just a > valid host in the rcpthosts. The end result is that mail will be sent > through to whatever other addresses are specified. > > Setup is as follows: > > ~$ cat /var/qmail/control/rcpthosts > example.com > > ~$ cat /etc/spamdyke/spamdyke.conf > local-domains-file=/var/qmail/control/rcpthosts > relay-level=normal > smtp-auth-level=observe > > ~$ telnet localhost smtp > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > 220 localhost ESMTP > MAIL FROM: [email protected] > 250 ok > RCPT TO:<@example.com:[email protected]> > 250 ok > DATA > 354 go ahead > Subject: Test > > Test body > . > 250 ok 1278906723 qp 27089 > > Regards, > > Chris Boulton > Lead Engineer > BigCommerce / Interspire > > Email: [email protected] > Web: http://www.bigcommerce.com > Web: http://www.interspire.com > > Australia: +61 2 9262 7770 > USA: 1800 939 5570 > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
