[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IMPORTANT!!! Possible open relay bug in Zmailer!!

To: "Matti Aarnio" <mea@nic.funet.fi>
Subject: RE: IMPORTANT!!! Possible open relay bug in Zmailer!!
From: "Luke Galea" <lgalea@bluecatnetworks.com>
Date: Fri, 21 Feb 2003 11:32:35 -0500
Cc: <zmailer@nic.funet.fi>
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
Sender: zmailer-owner@nic.funet.fi
Thread-Index: AcLZN5nCFFiZYhQ1TAaOfTdni49TewAjmTzw
Thread-Topic: IMPORTANT!!! Possible open relay bug in Zmailer!!

I think I have some clue as to why this might be occurring..
I am definitely using a new enough version to have that fix.. 

I am using the Debian package of 2.99.55-3

Where I think the problem might be is that I was having some problems
using the aliasing where you alias all users at some domain to a single
user (ie. everyone@olddomain.com to oldemails@newdomain.com).

In order to get that to work I made some minor (1 character??) change in
one of the cf files. I think I was tipped off to this change by some
posting in this group. This is the only reason that I can't think of how
our server is different than the default (except our policies, etc..).

I am going to send you our entire /etc/zmailer directory in a private
msg.. Thanks so much for your help!

Luke Galea 
Software Development
BlueCat Networks
905-762-5225

-----Original Message-----
From: Matti Aarnio [mailto:mea@nic.funet.fi] 
Sent: February 20, 2003 6:27 PM
To: Luke Galea
Cc: zmailer@nic.funet.fi
Subject: Re: IMPORTANT!!! Possible open relay bug in Zmailer!!

Good morning (1 am, local),

On Thu, Feb 20, 2003 at 05:46:55PM -0500, Luke Galea wrote:
> Thanks for the quick response.
> I have:
>   PARAM policydb $DBTYPE $MAILVAR/db/smtp-policy 
> In my smtpserver.conf
> 
> And my rules are setup to not allow open relay. The issue here is that
I
> do allow messages to the local box.. but for some reason if there is a
> percent sign in the "rcpt to", after accepting the message (as my
policy
> says to..) it then seems to convert the percent into an @ and relay
the
> msg.. 

Which ZMailer version you have ?
You haven't mentioned that detail yet..

Lattest tarball is now available at:

ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/zmailer-2.99.56-pre4.tar.gz

with that I have encountered a bit of trouble with OpenSSL 0.9.7 in
RedHat 8.0 system.  CVS has fixes for it, if you need.

> I did a few searches and found this referenced as a PERCENT HACK..

Yes, that is it.

> Should I send my smtp-policy.src?? Or have I done something else to
> screw this up..?? I am pretty certain my policies are fine.

You could send all   $MAILVAR/db/smtp-policy.*  source files
to me, as the problem could be e.g.  a lone "." in  smtp-policy.relay*
files.  NOTE: send to _me_, not to the list, unless you want to publish
them.  (Not that there should be any data endangering your system
security.)

You could test that system yourself by following the instructions in
file
  doc/guides/smtp-policy

there is also a lot more about how various sub-components of smtp-policy
subsystem work, and what should be put where, even what must not be put!

Same testing is described also at:

http://www.zmailer.org/zman/zins-sysconfig.html#ZINS.TESTING.SMTPSERVER1

> Thanks
> 
> Luke Galea 
> Software Development
> BlueCat Networks
> 905-762-5225

-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

Prev by Date: Re: IMPORTANT!!! Possible open relay bug in Zmailer!!
Next by Date: TLS (smtpserver): TLS engine: cannot load DH parameters from our cert file
Prev by thread: RE: IMPORTANT!!! Possible open relay bug in Zmailer!!
Next by thread: TLS (smtpserver): TLS engine: cannot load DH parameters from our cert file
Index(es):
- Date
- Thread