
potential smail security bug



I found this interesting tidbit on comp.mail.smail. The individual is
using smail-3.2.0.100 so I am not sure if this is fixed in newer versions.

Scenario:

Remote site connects to your mail server. In the reverse DNS lookup, the
remote admin has pointed the in-addr.arpa PTR record to your mailhost's
name. The forward and reverse lookups do not match; smail warns of the
discrepancy in the log file but accepts the mail anyway. In this case, the
host gives a trusted HELO and has a trusted reverse DNS though the forward
DNS (look up the hostname, find the IP address) does not match.

A spammer has pumped tons of mail through that site for relay to third
parties though the normal anti-relay measures are in place.



George Bonser

The Linux "We're never going out of business" sale at an FTP site near you!
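
Added example, not part of the original post and not smail's code: a forward-confirmed reverse DNS check, shown beside the PTR-only decision the scenario above describes. The DNS tables, addresses, host names, relay policy and function names are all constructed for illustration.

```python
import ipaddress

# Constructed DNS data for the example (documentation addresses and names).
PTR = {
    "192.0.2.10": "mail.example.org",    # the real mailhost
    "203.0.113.66": "mail.example.org",  # remote admin pointed PTR at our name
    "198.51.100.7": "mx.example.net",    # honest but untrusted remote host
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["198.51.100.7"],
}
TRUSTED_RELAY_HOSTS = {"mail.example.org"}  # assumed local relay policy


def reverse_lookup(ip):
    """PTR lookup; controlled by whoever runs the peer's in-addr.arpa zone."""
    return PTR.get(ip)


def forward_lookup(name):
    """A lookup; controlled by the owner of the name itself."""
    return A.get(name.lower().rstrip("."), [])


def verified_hostname(peer_ip):
    """Return the PTR name only if its forward lookup contains peer_ip."""
    name = reverse_lookup(peer_ip)
    if not name:
        return None
    peer = ipaddress.ip_address(peer_ip)
    if any(ipaddress.ip_address(a) == peer for a in forward_lookup(name)):
        return name.lower().rstrip(".")
    return None  # mismatch: treat the peer as unnamed, do not just log it


def may_relay_ptr_only(peer_ip):
    """Behaviour described in the post: the PTR name alone grants relay."""
    return reverse_lookup(peer_ip) in TRUSTED_RELAY_HOSTS


def may_relay(peer_ip, helo=None):
    """Relay only for forward-confirmed names; HELO is client-supplied, so ignored."""
    return verified_hostname(peer_ip) in TRUSTED_RELAY_HOSTS
```

The point of the comparison is that the PTR record is under the connecting site's control, so only the forward lookup, which the owner of the name controls, can confirm it.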

