[11793] in bugtraq
Re: I found this today and iam reporting it to you first!!! (fwd)
daemon@ATHENA.MIT.EDU (Alan Brown)
Thu Sep 9 20:25:28 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9909080804540.12223-100000@mailhost.manawatu.net.nz>
Date: Wed, 8 Sep 1999 08:07:28 +1200
Reply-To: Alan Brown <alan@MANAWATU.GEN.NZ>
From: Alan Brown <alan@MANAWATU.GEN.NZ>
X-To: Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990904182153.04D8545A52@spike.porcupine.org>
On Sat, 4 Sep 1999, Wietse Venema wrote:
> Whatever reasoning the poster used, it is invalid with any reasonable
> mail system, because it is the mail system that chooses the bounce
> message originator address; the bounce message originator address
> is not under control by the attacker.
>
> In other words, the suggested loop does not exist.
I can personally vouch for most cc:mail installations being so braindead
that they will bounce indefinitely. One such machine returned 5800
bounce messages from a single complaint sent to postmaster@rDNS about
relayed spam - with each additional message being 2kb larger than the
previous one.
Put 2 of those back-to-back and see what happens.
AB
