Bug#212030: [MAILER-DAEMON@mailshell.com: failure notice]
FWIW, the submitter's address seems to be bogus, so don't bother trying to
contact him...I'd close this bug.
----- Forwarded message from MAILER-DAEMON@mailshell.com -----
Date: 21 Sep 2003 22:20:06 -0000
From: MAILER-DAEMON@mailshell.com
To: mdz@csh.rit.edu
Subject: failure notice
Hi. This is the qmail-send program at mailshell.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<dev120-amos-debian-bug@dev120.mailshell.com>:
<debian@amos.mailshell.com> is no longer active.
--- Below this line is a copy of the message.
Return-Path: <mdz@csh.rit.edu>
Received: (qmail 30350 invoked from network); 21 Sep 2003 22:20:05 -0000
Received: from unknown (HELO mailshell.com) (10.1.3.210)
    by dev120.mailshell.com with SMTP; 21 Sep 2003 22:20:05 -0000
Received: (qmail 21025 invoked by uid 99); 21 Sep 2003 22:20:04 -0000
Received: (qmail 13289 invoked from network); 21 Sep 2003 22:20:03 -0000
Received: from unknown (HELO smtp01.mrf.mail.rcn.net) (207.172.4.60)
    by mail.mailshell.com with SMTP; 21 Sep 2003 22:20:03 -0000
Received: from 216-15-124-77.c3-0.smr-ubr3.sbo-smr.ma.cable.rcn.com ([216.15.124.77] helo=mizar.alcor.net)
    by smtp01.mrf.mail.rcn.net with esmtp (Exim 3.35 #4)
    id 1A1CYz-00077b-00; Sun, 21 Sep 2003 18:20:17 -0400
Received: from mdz by mizar.alcor.net with local (Exim 3.36 #1 (Debian))
    id 1A1CYl-0006jD-00; Sun, 21 Sep 2003 18:20:03 -0400
Date: Sun, 21 Sep 2003 18:20:03 -0400
From: Matt Zimmerman <mdz@debian.org>
To: Amos Shapira <debian-bug@amos.mailshell.com>, 212030@bugs.debian.org
Subject: Re: Bug#212030: apache: mod_proxy allows the world to use it - letting spammers bounce through it
Message-ID: <20030921222003.GP1360@alcor.net>
Mail-Followup-To: Matt Zimmerman <mdz@debian.org>,
    Amos Shapira <debian-bug@amos.mailshell.com>,
    212030@bugs.debian.org
References: <200309212002.h8LK2Ps5028513@smtp1.actcom.net.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200309212002.h8LK2Ps5028513@smtp1.actcom.net.il>
User-Agent: Mutt/1.5.4i
Sender: Matt Zimmerman <mdz@alcor.net>
X-Apparently-To: dev120-amos-debian-bug
X-JUNK1: -5
tags 212030 - security
thanks
On Sun, Sep 21, 2003 at 10:57:22PM +0300, Amos Shapira wrote:
> My guess is that the spammer somehow causes Apache to redirect SMTP connections
> through its mod_proxy.
>
> The relevant parts in httpd.conf were:
> --------------------------------------------------------
> LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so
> ....
> <IfModule mod_proxy.c>
>
> # Proxy Server directives. Uncomment the following lines to
> # enable the proxy server:
> #
> <IfModule mod_proxy.c>
> ProxyRequests On
>
> <Directory proxy:*>
> Order deny,allow
> #Deny from all
> #Allow from .your_domain.com
> Allow from all
> </Directory>
> </IfModule>
> --------------------------------------------------------
>
> I think this is a security bug (can cause DoS) because
These lines are not present in the provided example configuration. The
example reads:
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#<IfModule mod_proxy.c>
# ProxyRequests On
# <Directory proxy:*>
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
# </Directory>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
# ProxyVia On
#
# To enable the cache as well, edit and uncomment the following lines:
# (no cacheing without CacheRoot)
#
# CacheRoot "@@ServerRoot@@/proxy"
# CacheSize 5
# CacheGcInterval 4
# CacheMaxExpire 24
# CacheLastModifiedFactor 0.1
# CacheDefaultExpire 1
# NoCache a-domain.com another-domain.edu joes.garage-sale.com
#</IfModule>
# End of proxy directives.
You seem to have explicitly added "Allow from all", thus configuring it as an
open proxy. The security issue is with your configuration, not with apache.
--
- mdz
----- End forwarded message -----
--
- mdz
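
The difference between the two configurations quoted above, as an added example that is not part of the original thread or of Apache: a Python check that reports whether a config turns ProxyRequests on and lets an arbitrary client through the <Directory proxy:*> access rules. It assumes Apache 1.3 mod_access semantics and a single proxy:* block; the function name world_can_use_proxy and both sample strings are constructed for illustration.

```python
def world_can_use_proxy(conf_text):
    """True if ProxyRequests is On and an arbitrary client passes the
    <Directory proxy:*> access rules (Apache 1.3 mod_access semantics)."""
    proxy_on = in_block = saw_block = admitted = False
    order, allow_all, deny_all = "deny,allow", False, False
    for raw in conf_text.splitlines():
        tok = raw.strip().lower().split()
        if not tok or tok[0].startswith("#"):
            continue                      # blank line or commented-out directive
        if tok[:2] == ["proxyrequests", "on"]:
            proxy_on = True
        elif tok[0] == "<directory" and tok[1:] and tok[1].strip('">') == "proxy:*":
            in_block = saw_block = True
            order, allow_all, deny_all = "deny,allow", False, False
        elif tok[0].startswith("</directory") and in_block:
            in_block = False
            if order == "deny,allow":     # default is allow; Allow overrides Deny
                admitted = allow_all or not deny_all
            else:                         # allow,deny / mutual-failure: default is deny
                admitted = allow_all and not deny_all
        elif in_block and tok[0] == "order" and len(tok) > 1:
            order = tok[1]
        elif in_block and tok[:2] == ["allow", "from"]:
            allow_all = allow_all or "all" in tok[2:]
        elif in_block and tok[:2] == ["deny", "from"]:
            deny_all = deny_all or "all" in tok[2:]
    # With no proxy:* block at all, nothing restricts who may use the proxy.
    return proxy_on and (admitted or not saw_block)

# Constructed from the directives quoted in the bug report.
REPORTED = """ProxyRequests On
<Directory proxy:*>
Order deny,allow
#Deny from all
#Allow from .your_domain.com
Allow from all
</Directory>
"""
# Constructed: the shipped example block with its comment markers removed.
RESTRICTED = """ProxyRequests On
<Directory proxy:*>
Order deny,allow
Deny from all
Allow from .your-domain.com
</Directory>
"""

print("reported config open to the world:", world_can_use_proxy(REPORTED))
print("shipped example (uncommented) open:", world_can_use_proxy(RESTRICTED))
```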