[H-GEN] Re: QL: Relaying outside mail through my server.

Michael Anthon anthonm at ats.com.au
Wed Nov 5 17:03:35 EST 1997


I don't believe it is a weakness.  As I understand it, it's SUPPOSED to do 
mail forwarding, however it is quite possible to set it up so that it will 
only forward mail for a select range of domains.
In the RedHat 4.2 distribution, there is a bunch of information on 
configuring sendmail in /usr/lib/sendmail-cf.  Not sure about other 
versions or distributions.

Regards
Michael Anthon

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GE d- s: a C+(+++)$>++++ P(+)>+++ L+(++)>++++ !E W+(++) N++ o?
K? w++()$ !O !M-- V? PS? !PE Y !PGP- t+ 5+(++) X+(++) R tv- b++>+++
DI++ D+ G e+ h--->---- r+++ y+++
------END GEEK CODE BLOCK------


On Thursday, November 06, 1997 6:44 AM, Peter Relph [SMTP:peter.relph at bushnet.qld.edu.au] wrote:
> Steve,
>
> BushNet has also been afflicted with a similar situation over the past few
> days, maybe weeks.
>
> Our Sys Admin has put in place a temporary routing block on the network that
> the perpetrator is dialing into, whilst contacting the network
> administrators to get them to stop the offender.
>
> Whilst not having a technical knowledge of the mechanism, apparently it is a
> weakness in the sendmail program that permits this sort of abuse.
>
> peter relph
>
> At 18:15 5/11/97 +1000, Steve Pinel wrote:
> >Talking of mail servers, I just looked through the mail log for the past
> >couple of days, and noticed that one mail message has been sent by someone
> >not within the school to someone else not within the school.
> >
> >Now, we have a dialup connection, with a dynamic IP address assigned each
> >time we connect (several times a day).  The mail server, which is a Mac
> >running EIMS, is really only intended as an internal affair, but is able
> >to pass mail out to the real world (our official email server is
> >administered by our ISP).  It is outside the firewall (Vivom Gateway), and
> >so is accessible to anyone on the internet, but with IP addresses changing
> >every few hours and no DNS entries, I find it hard to believe that this
> >could have happened without some effort on someone's behalf.
> >
> >Firstly, can anyone tell me why this might have happened?
> >
> >Secondly, what sort of security threat does this pose?
> >
> >Thirdly, what can I do (technically and legally) to stop this happening again?
> >
> >Thanks very much
> >
> >Steve 'a bit concerned' Pinel
> >
> >
> >
> >
>
> ----------------------- HUMBUG General List --------------------------------
> echo "unsubscribe general" | mail majordomo at humbug.org.au # To Unsubscribe
----------------------- HUMBUG General List --------------------------------
echo "unsubscribe general" | mail majordomo at humbug.org.au # To Unsubscribe
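
The policy described in the reply above (forward mail only for a select range of domains), as an added example that is not part of the thread and is not sendmail or EIMS configuration: a per-recipient relay decision, run over log records like the one Steve noticed. The networks, domains, addresses and log records are constructed assumptions.

```python
import ipaddress

# Constructed policy values, assumptions for this example only.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.10.0/24")]
RELAY_DOMAINS = {"school.example"}

def split_address(address):
    """Split an envelope address into (local part, lower-cased domain)."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return "", ""
    return local, domain.lower().rstrip(".")

def is_local_client(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in LOCAL_NETWORKS)

def is_served_domain(domain):
    # Exact match or a true subdomain; "notschool.example" must not match.
    return any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)

def relay_decision(client_ip, rcpt_to):
    """Decide per recipient. MAIL FROM is ignored: the client can forge it."""
    if is_local_client(client_ip):
        return "accept"            # our own hosts may send anywhere
    local, domain = split_address(rcpt_to)
    if any(c in local for c in "%!@"):
        return "reject"            # source-routed local part could route onward
    return "accept" if is_served_domain(domain) else "reject"

def third_party_relays(records):
    """Return the log records this policy would have refused."""
    return [r for r in records if relay_decision(r[0], r[2]) == "reject"]

# Constructed log records: (client IP, MAIL FROM, RCPT TO).
SAMPLE_LOG = [
    ("192.168.10.7", "teacher@school.example", "parent@isp.example"),
    ("203.0.113.9", "someone@isp.example", "office@school.example"),
    ("203.0.113.9", "teacher@school.example", "victim@other.example"),
    ("203.0.113.9", "a@isp.example", "victim%other.example@school.example"),
]

if __name__ == "__main__":
    for rec in third_party_relays(SAMPLE_LOG):
        print("would refuse:", rec)
```

The third record shows why the sender address plays no part in the decision: an outside client claiming a local MAIL FROM is still refused when the recipient is not in a served domain.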


