HPE Community
Operating System - HP-UX
1854656 Members
4511 Online
104102 Solutions
New Discussion

Re: Blocking Reverse Address in Mailx

 
SOLVED
Go to solution
Anshumali
Esteemed Contributor

‎10-28-2007 08:24 PM

‎10-28-2007 08:24 PM

Blocking Reverse Address in Mailx

Hi Gurus,

We all are aware of reverse address functionality of the mailx but its proving a security threat for me. As i understand, anyone can send a mail from anyone by specifying the mailx -r (fake Address) to anyone. The mails received at Exchange -->Outlook has the spoofed from address.
While i understand the legalities and that it can be tracked well at exchange level, is there any way i can block this feature. I wish users to send mail(from Address) with their username@domain.com only. (DM is Masqueraded already)... No allow of Mail From Field.

Thanks a ton for help.

Cheers!
Anshu

Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!
0 Kudos
7 REPLIES 7
Tim Nelson
Honored Contributor

‎10-29-2007 03:55 AM

‎10-29-2007 03:55 AM

Re: Blocking Reverse Address in Mailx

You could write a wrapper script for mailx.

i.e. if any arg = -r then echo sorry and exit.

You will have to put the wrapper back anytime you apply patches relevant to the mailx command.

0 Kudos
Philip Gunter
Respected Contributor

‎10-29-2007 12:41 PM

‎10-29-2007 12:41 PM

Re: Blocking Reverse Address in Mailx

Hi Anshu,

SMTP is not a secure protocol. If you block mailx -r there is nothing stoping the user from using another method to spoof the sender. If the user really wanted to they could simply telnet to your exchange server on TCP/25 and interactively send an email.

I wouldn't waste any time trying to lockdown mailx.

Regards,
Philip.
0 Kudos
Philip Gunter
Respected Contributor

‎10-29-2007 12:42 PM

‎10-29-2007 12:42 PM

Re: Blocking Reverse Address in Mailx

Hi Anshu,

SMTP is not a secure protocol. If you block mailx -r there is nothing stopping the user from using another method to spoof the sender. If the user really wanted to they could simply telnet to your exchange server on TCP/25 and interactively send an email.

I wouldn't waste any time trying to lockdown mailx.

Regards,
Philip.
0 Kudos
Anshumali
Esteemed Contributor

‎10-29-2007 05:27 PM

‎10-29-2007 05:27 PM

Re: Blocking Reverse Address in Mailx

Wrapper for Mailx:
Is it something like this?
command
{
If (arg = -r )
echo " Not allowed"
else
continue
}

Never did this so i need some coding help in this regard.

2: I understand that a user can directly telnet to the Exchange on port 25 and do it with commands still i need to secure this first. :)
Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!
0 Kudos
Philip Gunter
Respected Contributor

‎10-29-2007 07:33 PM

‎10-29-2007 07:33 PM

Re: Blocking Reverse Address in Mailx

Hi Anshu,

a wrapper script is not going to do much to protect you. Wrapper scripts work by hiding the real binary and parsing any variables passed and then calling the real binary. The issue is that for a shell script to be executable it needs to be readable - therefore the real location of the binary is visible to any users that can read the file (wrapper).

You'd need to write the wrapper in C to make this work. You then also need to make sure that your wrapper is not overwritten when you add OS patches to the server.

I'm really not sure what problem your trying to solve here. Its not a technology one - its more likely a people one that you should solve with policy. :)

Cheers,
Philip.
0 Kudos
Dennis Handly
Acclaimed Contributor

‎10-29-2007 07:59 PM

‎10-29-2007 07:59 PM

Solution

Re: Blocking Reverse Address in Mailx

>Wrapper for mailx. Never did this so i need some coding help in this regard.

Except that what Philip mentioned makes this useless, here is an example:
#!/usr/bin/ksh

# Checks for -r and gives error

set -A save
(( i = 0 ))
while [ $# -gt 0 ]; do
case "$1" in
-r*) echo "-r not allowed" 1>&2
exit 1
;;
*) save[i]="$1"
(( i += 1 ))
;;
esac
shift
done

set -- "${save[@]}"
/usr/bin/mailx "$@"
0 Kudos
Anshumali
Esteemed Contributor

‎10-29-2007 09:31 PM

‎10-29-2007 09:31 PM

Re: Blocking Reverse Address in Mailx

Thanks Philip/ Dennis,

I hope this can be stopped only with education and IT policy only. ;)
Thanks for your great advices and feedbacks.

Cheers!
Closing thread!
Anshu
Dreams are not which you see while sleeping, Dreams are which doesnt allow you to sleep while you are chasing for them!!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.