> -----Original Message----- > From: Boris Pavlov [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 19, 2005 5:45 PM > To: vchkpw@inter7.com > Subject: Re: [vchkpw] (Urgent) qmail-smtpd Bug !!!!!!!!! > > samir, > > you mean, you want to reject mail where from: and to: are from (the > same?) local domains, and the sender is not in permitted to relay?
NO Of course. > wwell edi > > Samir Noshy wrote: > > >>-----Original Message----- > >>From: Remo Mattei [mailto:[EMAIL PROTECTED] > >>Sent: Tuesday, April 19, 2005 5:21 PM > >>To: vchkpw@inter7.com > >>Subject: Re: [vchkpw] (Urgent) qmail-smtpd Bug !!!!!!!!! > >> > >>Dude this is normal behavior. > >> > >> > > > > > >No I don't think so, It is a big security issue. > > > > > > > > > > > >>----- Original Message ----- > >>From: "Samir Noshy" <[EMAIL PROTECTED]> > >>To: "Qmail List" <qmail@list.cr.yp.to>; "[EMAIL PROTECTED] Com" > >><vchkpw@inter7.com> > >>Sent: Tuesday, April 19, 2005 9:24 AM > >>Subject: [vchkpw] (Urgent) qmail-smtpd Bug !!!!!!!!! > >> > >> > >> > >> > >>>Hi Everybody, > >>> > >>>I have a system consists of qmail 1.03 and vpopmail-5.4.9 and > >>>courier-imap-4.0.2 and SM and QS. > >>> > >>>I think that there is a bug in the qmail-smtpd. > >>> > >>>the bug that I can send mail as/from a local account to any > >>> > >>> > >>other local > >> > >> > >>>account Although I use SMTP auth provided by : > >>>http://www.fehcom.de/qmail/smtpauth.html. > >>> > >>>smtpd and SMTP Auth. must prevent anyone to Impersonate > >>> > >>> > >>and send mail > >> > >> > >>>from > >>>an Local Account other than his Local Account to any other > >>> > >>> > >>Local account. > >> > >> > >>>Imagine that I host the two domains: companyXX.com and > >>> > >>> > >>companyYY.com for > >> > >> > >>>example. > >>> > >>>So , an any person who did not belong to companyXX.com can > >>> > >>> > >>Impersonate as > >> > >> > >>>[EMAIL PROTECTED] and send a formal email - w/o > authenticating of > >>>course - to [EMAIL PROTECTED] or [EMAIL PROTECTED] > >>> > >>>I want to do that to prevent any other third party - or > >>> > >>> > >>even any local > >> > >> > >>>account users- to Impersonate and send mail from an other > >>> > >>> > >>Local Account to > >> > >> > >>>any other Local account. > >>> > >>>By the way; My /var/qmail/supervise/qmail-smtpd/run as follow : > >>> > >>> > >>> > >>>#!/bin/sh > >>> > >>># when QMAILQUEUE is set, all mail will be sent to the > >>> > >>> > >>nominated script > >> > >> > >>>QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export > QMAILQUEUE > >>> > >>>QMAILDUID=`id -u vpopmail` > >>> > >>>QMAILDGID=`id -g vchkpw` > >>> > >>>exec /usr/local/bin/softlimit -m 15000000 \ > >>> > >>> > >>/usr/local/bin/tcpserver \ > >> > >> > >>>-v -x /etc/tcp.smtp.cdb \ > >>> > >>>-c 20 -R -u "$QMAILDUID" -g "$QMAILDGID" 0 smtp \ > >>>/usr/local/bin/rblsmtpd -b -C \ > >>> > >>>-r 'relays.ordb.org:Your message was rejected because the > >>> > >>> > >>mail server you > >> > >> > >>>use is configured to allow OPEN RELAY - More detailed information > >>>regarding this problem is available from > >>>http://www.ordb.org/lookup/?host=%IP% > >>><http://www.ordb.org/lookup/?host=%IP%> - Please forward > >>> > >>> > >>this error > >> > >> > >>>through > >>>to your email server support staff for easy resolution.' \ > >>> > >>>-r 'list.dsbl.org:Your message was rejected because the > >>> > >>> > >>message was sent > >> > >> > >>>from a server listed in DSBL - More information regarding > >>> > >>> > >>this problem is > >> > >> > >>>available at http://dsbl.org/listing?%IP% > >>>http://dsbl.org/listing?%IP%> - Please forward this error to your > >>>email server support staff for resolution.' \ > >>> > >>>-r 'sbl-xbl.spamhaus.org:Your message was rejected because > >>> > >>> > >>the message was > >> > >> > >>>sent from a server listed in the Spamhaus RBL - More > >>> > >>> > >>information regarding > >> > >> > >>>this problems is available at > >>> > >>> > >>http://www.spamhaus.org/query/bl?ip=%IP% > >> > >> > >>><http://www.spamhaus.org/query/bl?ip=%IP%> - Please > >>> > >>> > >>forward this error to > >> > >> > >>>your email server support staff for resolution.' \ > >>> > >>>/var/qmail/bin/qmail-smtpd \ > >>> > >>>/home/vpopmail/bin/vchkpw /bin/true 2>&1 > >>> > >>> > >>> > >>>Can anyone help me to work around this problem ???? > >>> > >>> > >>>Best Regards. > >>> > >>>Samir Noshy > >>> > >>> > >>> > >>> > >>> > > > > > > > > > >
