[H-GEN] Relaying outside mail through my server.

Craig Eldershaw ce at comlab.ox.ac.uk
Wed Nov 5 06:54:03 EST 1997


Hi Steve,

>couple of days, and noticed that one mail message has been sent by someone
>not within the school to someone else not within the school.
>...
>to pass mail out to the real world (our official email server is
>administered by our ISP).  It is outside the firewall (Vivom Gateway), and
>so is accessible to anyone on the internet, but with IP addresses changing
>every few hours and no DNS entries, I find it hard to believe that this
>could have happened without some effort on someone's behalf.
>
>Firstly, can anyone tell me why this might have happened?

Sounds like, as you suggested, that someone did it deliberately.  As an easy
test, try sending mail from an outside machine to:
someone@other.outside.machine@your.official.domain
someone%other.outside.machine@your.official.domain
It'll probably get through and generate a similar log entry in your system.

>Secondly, what sort of security threat does this pose?

As in people reading/altering data on your system ?  None.  However your
machine could be used to relay (semi-)anonymous mail/spam/etc without
your consent.

>Thirdly, what can I do (technically and legally) to stop this happening again?

Technically, it's a case of configuring your mail gateway (or getting your ISP
to do it) to not forward mail that doesn't either originate from or is
destined to your domain.  Legally, anything you like - it's your machine, you 
have complete legal control of anything passing through it.  If it's actually
your ISP's machine, then maybe it's them with the rights...but the malicious
outsider doesn't have any.

HTH.

Cheers,
	Craig.
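
The relay rule described in the reply above, sketched as an added example (not part of the original post and not any mail server's own code). It assumes "originating from your domain" is judged by the connecting client's IP address rather than the sender address; `LOCAL_DOMAINS`, `TRUSTED_NETS` and the function names are hypothetical, and the addresses are constructed.

```python
import ipaddress

# Assumed values for illustration; substitute your own domain and networks.
LOCAL_DOMAINS = {"your.official.domain"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed (documentation range)


def final_domain(rcpt):
    """Return the domain after the last '@', lower-cased, or None if absent."""
    local, sep, domain = rcpt.strip().strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else None


def has_embedded_route(rcpt):
    """True if the address names a second hop: user%host@dom, user@host@dom,
    host!user@dom, or an RFC 821 source route (@hop:user@dom)."""
    addr = rcpt.strip().strip("<>")
    local = addr.rpartition("@")[0]
    return addr.startswith("@") or any(c in local for c in "%@!")


def relay_decision(client_ip, rcpt):
    """Decide what to do with one RCPT TO arriving from client_ip."""
    trusted = any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS)
    domain = final_domain(rcpt)
    if domain is None:
        return "reject: malformed recipient"
    if has_embedded_route(rcpt) and not trusted:
        # The final domain is local, but the local part asks us to forward
        # elsewhere: never rewrite and forward this for an outside client.
        return "reject: routed address"
    if domain in LOCAL_DOMAINS:
        return "accept: local delivery"
    if trusted:
        return "accept: relay for own network"
    return "reject: relaying denied"
```

Both test addresses from the reply end in the local domain, so a check on the final domain alone would accept them; the routed-address check is what refuses them.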