[11114] in bugtraq
Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2
daemon@ATHENA.MIT.EDU (Daniele Orlandi)
Sun Jul 25 00:37:37 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3799A594.467938EA@orlandi.com>
Date: Sat, 24 Jul 1999 13:37:56 +0200
Reply-To: Daniele Orlandi <daniele@ORLANDI.COM>
From: Daniele Orlandi <daniele@ORLANDI.COM>
X-To: Matt Dunn <matt@ELECTROCENTRIC.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Matt Dunn wrote:
>
> Actually, the default install of 8.9.3 does NOT in and of itself fix this
> problem. I'm looking into the rulesets that will specifically handle this.
The vulnerable rules seem to be the ones from Claus Aussman and many derived
from them, including a set of rules I wrote by myself.
I fixed them by replacing the part which checks for a local recipient with the
more complex set from RedHat 6.0 that appears to take care of dequoting the
recipient address.
I hope this could be of help for users of home-made rules.
# remove local part, maybe repeatedly
R$*<@$=w.>$* $>3 $1 $3
# If you want to use RelayTo uncomment the following line
R$*<@$*$={RelayTo}.>$* $>3 $1 $4
R$*<@$+>$* $#error $@ 5.7.1 $: "571 Relay denied"
--------------------Replace with:
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
R$*<@$+>$* $#error $@ 5.7.1 $: "571 Relay denied"
Sremovelocal
# remove RelayTo part (maybe repeatedly)
R$*<@$*$={RelayTo}.>$* $>3 $1 $4
R$*<@$=w.>$* $: $>removelocal $>3 $1 $3
R$*<@$*>$* $@ $1<@$2>$3
# dequote local part
R$- $: $>3 $(dequote $1 $)
R$*<@$*>$* $: $>removelocal $1<@$2>$3
Bye!
--
Daniele
-------------------------------------------------------------------------------
Daniele Orlandi - Utility Line Italia
Via Mezzera 29/A - 20030 - Seveso (MI) - Italy
-------------------------------------------------------------------------------
