[11805] in bugtraq
Re: I found this today and iam reporting it to you first!!! (fwd)
daemon@ATHENA.MIT.EDU (Bill Royds)
Fri Sep 10 00:51:14 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <852567E5.00557532.00@pch.gc.ca>
Date: Tue, 7 Sep 1999 11:33:24 -0400
Reply-To: Bill_Royds@PCH.GC.CA
From: Bill Royds <Bill_Royds@PCH.GC.CA>
X-To: Bret Watson <ticm@POP.SOFTHOME.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
The real problem is defining a "Notification message". Every mail server seems
to define its notification messages differently.
Supposedly notifications come from envelope sender <> so the format shouldn't
matter. But so many systems refuse mail from <> with a notification message of
their own that the loops keep piling up. To avoid these systems, some sysadmins
configure messages as coming from MAILER-DAEMON or postmaster which gets
regular error messages back to sender but increases a chance of an email loop.
The worst offenders seem to be the coporate email systems such as Notes and
Groupwise that were originally developed with only internal usage. They have had
SMTP grafted on to them in a rather kludgey way.
I had 25MB of postmaster messages this morning from mail loops that only ended
when the messages ran over our 6MB email size limit. An internal Notes server
lost connectivity to another server. Instead of queuing the messages it returned
a non-standard format error message to sender which was refusing <> errors,
sending them back. :-)
Bret Watson <ticm@POP.SOFTHOME.NET> on 07/09/99 04:24:00 AM
Please respond to Bret Watson <ticm@POP.SOFTHOME.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
cc: (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject: Re: I found this today and iam reporting it to you first!!! (fwd)
Exactly... however - many mail servers _are_ misconfigured. especially
those using an external-internal relay...
>Sit back and watch absolutely nothing happen, unless both mailers are
>misconfigured. Even the venerable RFC821
>(http://www.faqs.org/rfcs/std/std10.html) notes that:
>
> Of course, server-SMTPs should not send notification
> messages about problems with notification messages.
>
Technical Incursion Countermeasures
consulting@TICM.COM http://www.ticm.com/
voice mail/fax: (+65)459 6373(UTC+8 hrs)
The Insider - a e'zine on Computer security Call for papers Vol 3 Issue 2
http://www.ticm.com/info/insider/index.html
