
RE: IMPORTANT!!! Possible open relay bug in Zmailer!!



A search found that you mentioned this:

Version 2.99.50-s19:
Do <bar%foo.fi%mea.tmt.tele.fi@[127.0.0.1]> processing
      fully, and detect that  "foo.fi"  is not acceptable
      target domain...  (For RCPT TO, that is..)

But we are running 2.99.55-3!!!

Luke Galea 
Software Development
BlueCat Networks
905-762-5225
 

-----Original Message-----
From: Luke Galea 
Sent: February 20, 2003 5:47 PM
To: Matti Aarnio
Cc: zmailer@nic.funet.fi
Subject: RE: IMPORTANT!!! Possible open relay bug in Zmailer!!

Thanks for the quick response.

I have:

PARAM policydb $DBTYPE $MAILVAR/db/smtp-policy 

In my smtpserver.conf

And my rules are set up to not allow open relay. The issue here is that I
do allow messages to the local box.. but for some reason if there is a
percent sign in the "rcpt to", after accepting the message (as my policy
says to..) it then seems to convert the percent into an @ and relay the
msg.. 

I did a few searches and found this referenced as a PERCENT HACK..


Should I send my smtp-policy.src?? Or have I done something else to
screw this up..?? I am pretty certain my policies are fine.

Thanks

Luke Galea 
Software Development
BlueCat Networks
905-762-5225
 

-----Original Message-----
From: Matti Aarnio [mailto:mea@nic.funet.fi] 
Sent: February 20, 2003 5:37 PM
To: Luke Galea
Cc: zmailer@nic.funet.fi
Subject: Re: IMPORTANT!!! Possible open relay bug in Zmailer!!

On Thu, Feb 20, 2003 at 04:50:31PM -0500, Luke Galea wrote:
> I have been alerted to what I think is a bug that leaves pretty much any
> zmailer config open to relay... Has anyone else encountered this?

Very early ZMailer versions didn't have these anti-relay control
facilities, as the early Internet didn't need them...  Once spammers
appeared on the network, things changed radically.


At nic.funet.fi I get:

RCPT TO:<postmaster%zmailer.org@nic.funet.fi>
550 5.7.1 Your IP address [80.186.79.207] is not allowed to relay to email
  address <postmaster%zmailer.org@nic.funet.fi> via our server; MX rule



> If I have a box called mail.test.com
> 
> And I have a session with it like this (forgive the syntax.. outlook
> likes to play with my typing):

An exact protocol transcript would help to validate what you are
trying to report.  Copy it as a text file, and supply it as an attachment;
then even MS wonders don't mutilate it.

> Helo
> Mail from:whoever@wherever.com
> Rcpt to:some_guy_who_should_never_get_this_message%aol.com@mail.test.com
> Data
> Yadaydyadyadya
> .
> 
> The problem is: some_guy_who_should_never_get_this_message@aol.com
> actually receives the message!!!!!
> 
> How can we prevent this? PLEASE HELP!!!

Do you have an smtp-server policy database?
How have you configured it?

In the source package's  INSTALL  file, section number 12 is
all about doing this.

It is possible to disable all control functions, and thus have
the system behave as an open relay.  From that section:

        The default  $MAILSHARE/smtpserver.conf  file REQUIRES use of
        the policy code, but you can disable that (and thus have wide-
        open doors for abuse -- but perhaps ok for intranet) stuff by
        commenting out line:  "PARAM policydb ..." in the file.

So yes, you can disable things, but you have been warned...

> Luke Galea 
> Software Development
> BlueCat Networks

-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi
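
The relay check described in the 2.99.50-s19 changelog entry quoted at the top of this thread, sketched as an added example; it is not part of any message above and is not ZMailer's code. `LOCAL_DOMAINS`, the function names, and the hop limit are assumptions, and the sample addresses are the ones quoted in the thread.

```python
# Added example: resolve "percent hack" recipients fully before the relay decision.
# LOCAL_DOMAINS is a constructed sample policy, not a ZMailer configuration format.
LOCAL_DOMAINS = {"mail.test.com", "mea.tmt.tele.fi", "[127.0.0.1]"}


def split_rcpt(addr):
    """Split <local@domain> at the last '@'; the domain is lowercased."""
    addr = addr.strip().lstrip("<").rstrip(">")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mailbox: %r" % addr)
    return local, domain.lower()


def naive_allows(addr):
    """Flawed check: looks only at the domain after '@'."""
    _, domain = split_rcpt(addr)
    return domain in LOCAL_DOMAINS


def final_target(addr, max_hops=10):
    """Peel local hops the way a router applying the percent hack would:
    while the domain is ours and the local part holds '%', the rightmost
    '%' becomes the new '@'. Returns the (local, domain) mail would reach."""
    local, domain = split_rcpt(addr)
    for _ in range(max_hops):
        if domain not in LOCAL_DOMAINS or "%" not in local:
            return local, domain
        local, _, domain = local.rpartition("%")
        domain = domain.lower()
        if not local or not domain:
            raise ValueError("malformed percent route")
    raise ValueError("too many routing hops")


def strict_allows(addr):
    """Relay decision on the fully resolved target, not the outer domain."""
    try:
        _, domain = final_target(addr)
    except ValueError:
        return False  # refuse anything that cannot be resolved cleanly
    return domain in LOCAL_DOMAINS
```
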