
Re: IMPORTANT!!! Possible open relay bug in Zmailer!!



Good morning (1 am, local),

On Thu, Feb 20, 2003 at 05:46:55PM -0500, Luke Galea wrote:
> Thanks for the quick response.
> I have:
>   PARAM policydb $DBTYPE $MAILVAR/db/smtp-policy 
> In my smtpserver.conf
> 
> And my rules are set up to not allow open relay. The issue here is that I
> do allow messages to the local box.. but for some reason if there is a
> percent sign in the "rcpt to", after accepting the message (as my policy
> says to..) it then seems to convert the percent into an @ and relay the
> msg.. 

Which ZMailer version do you have?
You haven't mentioned that detail yet..

Latest tarball is now available at:
  ftp://ftp.funet.fi/pub/unix/mail/zmailer/src/zmailer-2.99.56-pre4.tar.gz

With that I have encountered a bit of trouble with OpenSSL 0.9.7 on a
RedHat 8.0 system.  CVS has fixes for it, if you need.

> I did a few searches and found this referenced as a PERCENT HACK..

Yes, that is it.

> Should I send my smtp-policy.src?? Or have I done something else to
> screw this up..?? I am pretty certain my policies are fine.

You could send all   $MAILVAR/db/smtp-policy.*  source files
to me, as the problem could be e.g.  a lone "." in  smtp-policy.relay*
files.  NOTE: send to _me_, not to the list, unless you want to publish
them.  (Not that there should be any data endangering your system
security.)


You could test that system yourself by following the instructions in file
  doc/guides/smtp-policy

There is also a lot more about how various sub-components of the smtp-policy
subsystem work, and what should be put where, even what must not be put!

Same testing is described also at:
  http://www.zmailer.org/zman/zins-sysconfig.html#ZINS.TESTING.SMTPSERVER1

> Thanks
> 
> Luke Galea 
> Software Development
> BlueCat Networks
> 905-762-5225

-- 
/Matti Aarnio	<mea@nic.funet.fi>
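
Added example, not part of the original message and not ZMailer code: a relay check that evaluates the destination a "percent hack" recipient would finally be routed to, instead of the text after the `@`. The domain names, the function names, and the rule that the rightmost `%` becomes `@` only when the current domain is local are assumptions made for illustration.

```python
# Added illustration: not ZMailer's policy code. All domains are constructed.
LOCAL_DOMAINS = {"mail.example.org"}        # hosts this server is final for
RELAY_TARGETS = {"customer.example.net"}    # domains we have agreed to relay to


def effective_destination(rcpt, local_domains=LOCAL_DOMAINS):
    """Return (localpart, domain) the message would finally be routed to.

    While the domain is one of ours and the local part contains '%',
    the rightmost '%' is treated as '@' (the percent hack), repeatedly.
    """
    addr = rcpt.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep:
        return addr, None                   # unqualified name: local delivery
    domain = domain.lower().rstrip(".")
    while domain in local_domains and "%" in local:
        local, _, domain = local.rpartition("%")
        domain = domain.lower().rstrip(".")
    return local, domain


def rcpt_decision(rcpt, local_domains=LOCAL_DOMAINS,
                  relay_targets=RELAY_TARGETS):
    """Decide on the rewritten destination, not on the text after '@'."""
    _, domain = effective_destination(rcpt, local_domains)
    if domain is None or domain in local_domains:
        return "accept-local"
    if domain in relay_targets:
        return "accept-relay"
    return "reject-relay"


if __name__ == "__main__":
    # Constructed RCPT TO arguments.
    samples = [
        "<luke@mail.example.org>",
        "<victim%elsewhere.example.com@mail.example.org>",
        "<bob%customer.example.net@mail.example.org>",
        "<a%elsewhere.example.com%mail.example.org@mail.example.org>",
    ]
    for rcpt in samples:
        print(rcpt, effective_destination(rcpt), rcpt_decision(rcpt))
```

A policy that only compares the domain after the `@` with the local host list would accept the second and fourth samples as local mail; the check above rejects them because the routed destination is neither local nor an allowed relay target.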