
Re: user@[x.x.x.x] reject policy: how?




It seems that there are several other policy failure modes for
MAIL FROM: formats that could conceivably be exploited by spammers
and/or ORBS-type testers in future.

In particular, some older versions of zmailer (i.e. 2.99.50.s5 series) 
can pass as OK the following syntax forms (in addition to [x.x.x.x] where
x.x.x.x is the zmailer smtpserver IP address):

MAIL FROM: <sender@localhost>
MAIL FROM: <sender@[127.0.0.1]>

and possibly these as well (although they may be trapped by other policy
decisions later on):

MAIL FROM: <sender@[192.168.1.1]>	(and in general any private IP set)
MAIL FROM: <sender@[Y.Y.Y.Y]>		(where Y.Y.Y.Y is any legit IP )


So I made a deliberate decision to just "ban" literal IP syntax for my
mail server environment completely (even though this now restricts my
server and diverges away from RFC compliance - but that's ok from my
particular viewpoint - I now have some additional comfort level with this
in relation to all this spam crap).

The relevant modified policytest.c to cover this and the localhost case in
the pt_mailfrom() subroutine is as follows (this is for 2.99.50.s5).
The general denial of literal IP will of course catch the [x.x.x.x]
case of the smtpserver itself.


static int pt_mailfrom(rel, state, str, len)
struct policytest *rel;
struct policystate *state;
const char *str;
const int len;
{
    char *at;
    state->rcpt_nocheck  = 0;
    state->sender_reject = 0;
    state->sender_freeze = 0;

    /* LOCAL KLUDGE to fight off spammers/ORBS          */
    /* NOTE this completely denies literal IP formats!  */

    /* any "@[" in the sender string: address literal */
    if (strstr(str,"@[")) {
        state->sender_norelay = 1;
        state->sender_reject = 1;
        return -1;
    }
    /* any "@localhost" in the sender string */
    if (strstr(str,"@localhost")) {
        state->sender_norelay = 1;
        state->sender_reject = 1;
        return -1;
    }
    /* end of KLUDGE */


    if (state->always_reject)
        return -1;
    if (state->always_freeze)
        return 1;
    if (state->always_accept)
        return 0;

....

I'm not advocating that this be applied, but if you are
running a similar version and encounter a 3rd party relaying
problem with MAIL FROM: formats as listed above, you may
want to consider it.

Matti, does the current zmailer handle these 2 in particular?:

	MAIL FROM: <sender@localhost>
	MAIL FROM: <sender@[127.0.0.1]>


Cheers,
--
James S. MacKinnon           Office: P-139 Avadh-Bhatia Physics Lab
Team Physics                 Voice : (780) 492-8226 [old AC 403]
University of Alberta        email : Jim.MacKinnon@Phys.UAlberta.CA
Edmonton, Canada T6G 2N5     WWW   : http://www.phys.ualberta.ca/
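
An added example, not part of the original message and not zmailer code: the two strstr() tests in the post are case-sensitive substring matches, so this stand-alone sketch applies the same "no address literals, no localhost" policy to the parsed domain instead, which also catches `@LocalHost` and leaves `@localhost.example.com` or a quoted local part containing `@[` alone. The names mailfrom_domain_banned(), banned() and ieq() are hypothetical; refusing malformed domains and names under `.localhost` are choices made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality of two NUL-terminated strings. */
static int ieq(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Hypothetical helper (not zmailer code): 1 = refuse this MAIL FROM path. */
int mailfrom_domain_banned(const char *path, size_t len)
{
    char dom[256];
    const char *end = path + len, *at = NULL, *p;
    size_t n;

    if (len >= 2 && path[0] == '<' && end[-1] == '>') { path++; end--; }
    for (p = path; p < end; p++)        /* domain follows the LAST '@' */
        if (*p == '@') at = p;
    if (at == NULL) return 0;           /* "<>" or no domain: other rules decide */
    n = (size_t)(end - (at + 1));
    if (n == 0 || n >= sizeof dom) return 1;   /* assumption: refuse malformed */
    memcpy(dom, at + 1, n);
    dom[n] = '\0';
    if (n > 1 && dom[n - 1] == '.') dom[--n] = '\0';   /* "localhost." */

    if (dom[0] == '[') return 1;                       /* any address literal */
    if (ieq(dom, "localhost")) return 1;
    if (n > 10 && ieq(dom + n - 10, ".localhost")) return 1;
    return 0;
}

static int banned(const char *s) { return mailfrom_domain_banned(s, strlen(s)); }

int main(void)
{
    /* Constructed sample paths, not taken from real traffic. */
    const char *t[] = { "<sender@localhost>", "<sender@LocalHost>",
                        "<sender@[127.0.0.1]>", "<sender@localhost.example.com>",
                        "<\"a@[b\"@example.com>", "<>" };
    size_t i;
    for (i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-34s %s\n", t[i], banned(t[i]) ? "reject" : "pass");
    return 0;
}
```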