HPE Community
Operating System - HP-UX
1847571 Members
4074 Online
110265 Solutions
New Discussion

Sendmail %style blind relaying can be used to obfuscate the origin of emails Vulnerability

 
Thomas Pohlen
Advisor

‎06-07-2001 12:53 AM

‎06-07-2001 12:53 AM

Sendmail %style blind relaying can be used to obfuscate the origin of emails Vulnerability

Hi all,

again, on my S800 with HP-UX 11.0 i have an Vulnerability
An SMTP server supports third-party or %style mail relaying. Third-party mail relaying occurs when a mail server processes a mail message where neither the sender nor the recipient is local to the server's mail domain.

While third party relaying has some legitimate purposes, such as allowing mail messages to be routed around known mail problems, e-mail hijackers
(or spammers) primarily use it to obscure their identity while sending large amounts of junk mail.
Fix: Re-configururation of my SMTP server to enforce that all mail messages must either originate or terminate locally (on the mail host).

Does anybody know hoto do that ?

Thanks in advance
Be patient
0 Kudos
Reply
2 REPLIES 2
Manuel P. Ron
Frequent Advisor

‎06-07-2001 05:26 AM

‎06-07-2001 05:26 AM

Re: Sendmail %style blind relaying can be used to obfuscate the origin of emails Vulnerability

You can implement the /etc/mail/LocalIP file to say sendmail the IP numbres of machines that can use your relay. There is a problem: You can't use your mail server at home!
Crash programs fail because they are based on the theory that, with nine women pregnant, you can get a baby a month. - Wernher von Braun
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

‎06-07-2001 05:51 AM

‎06-07-2001 05:51 AM

Re: Sendmail %style blind relaying can be used to obfuscate the origin of emails Vulnerability

Use LocalIP, and make sure to modify check_rcpt to handle quoted addresses:
# check_rcpt updated to deal with Scheck_rcpt
# first: get client address
R$+ $: $(dequote "" $&{client_addr} $) $| $1
R0 $| $* $@ ok client_addr is 0 for sendmail -bs
R$={LocalIP}$* $| $* $@ ok from here
# not local, check rcpt
R$* $| $* $: $>3 $2
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
R$*<@$*>$* $#error $@ 5.7.1 $: 550 we do not relay
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.