[10761] in bugtraq
Re: NTMail3 has open relay hole
daemon@ATHENA.MIT.EDU (Peter van Dijk)
Wed Jun 9 14:56:20 1999
Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990608205240.S4200@attic.vuurwerk.nl>
Date: Tue, 8 Jun 1999 20:52:40 +0200
Reply-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <001201beb1c8$fb282400$070390d8@admin1>; from Geo. on Tue,
Jun 08, 1999 at 12:07:17PM -0400
On Tue, Jun 08, 1999 at 12:07:17PM -0400, Geo. wrote:
> NTMail version 3 has an open relay exploit that allows anyone to send mail
> thru the server even if it's not local.
>
> See http://www.nthelp.com/40/ntmailspam.htm for the details.
Note that the <> mentioned here is the empty envelope sender which is
required for bounces. Allowing it thru is still kinda stupid tho. A spammer
exploiting this doesn't have to care about where his bounces go either :)
Greetz, Peter
--
| 'He broke my heart, | Peter van Dijk |
I broke his neck' | peter@attic.vuurwerk.nl |
nognikz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl |
| Hardbeat@undernet - #groningen/#kinkfm/#vdh |
