[19928] in bugtraq


Re: MailSweeper for SMTP Security Problem

daemon@ATHENA.MIT.EDU (Matthew Huck)
Fri Mar 30 01:02:24 2001

Mime-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-Disposition: inline
Message-ID:  <4C256A1D.006C9F36.00@tabnotes1.ho.tab.co.nz>
Date:         Thu, 29 Mar 2001 07:01:50 +1200
Reply-To: matthew.huck@TAB.CO.NZ
From: Matthew Huck <matthew.huck@TAB.CO.NZ>
X-To:         bug@eunos.demon.co.uk
To: BUGTRAQ@SECURITYFOCUS.COM

Here is a reply from our supplier of MailSweeper after the previous email was
forwarded on to them.

>
>     Richard,
>
>     I am disappointed to see this matter described as a vulnerability, or worse
>     still as a bug, in MAILsweeper. It is simply a question of understanding how
>     MAILsweeper works and configuring it correctly.
>
>     (1) I agree that, with the standard configuration of Incoming and Outgoing
>     folders, a message addressed from user1@mydomain.com to user2@mydomain.com
>     will be processed via the Outgoing policy. This behaviour is unchanged in
>     version 4.2. It can be easily changed by adding the route
>     *@mydomain.com -> *@mydomain.com to the Routes configuration of the Incoming
>     folder, so that it takes precedence over the route *@* -> *@mydomain.com in
>     the Outgoing folder.

>     (2) I strongly recommend all MAILsweeper users to scan outgoing mail at
>     least for viruses. No matter how much you trust your users, they will
>     acquire viruses involuntarily and send them on. Scanning outgoing mail can
>     give an early warning of an infection, and save you the embarrassment of
>     other organisations detecting viruses in your messages.

>     (3) If you have reason to believe that people are likely to spoof messages
>     as you describe, it is easy to configure MAILsweeper to check that any
>     message with a From address *@mydomain.com has in fact originated from one
>     of your mail servers. Please let me know if you want details of how to do
>     this.

>     It might be helpful if you return this response to the person or newsgroup
>     from which you heard of the "vulnerability".

>     Regards,
>     David Couch

>      _____________________________________________
>      David Couch
>      Scientific Software and Systems Limited

>      Tel:    +64 4 917-6670
>      Fax:    +64 4 917-6671
>      E-mail: David.Couch@sss.co.nz

>      Visit us on the Web at:  http://www.sss.co.nz
>      _____________________________________________

Matthew Huck
Software Developer
T.A.B
Tel: 64-6-5766961
Email: Matthew.Huck@tab.co.nz
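The two configuration points in the quoted reply, route precedence in item (1) and the sender-origin check in item (3), can be modelled in a few lines. The following is an added example written for this archive page; it is not MAILsweeper's code or configuration format, and the domain name, the route table layout, the "most specific route wins" rule and the trusted-server address range are all assumptions chosen for illustration. It shows why an internal-to-internal message falls under the Outgoing policy in the standard layout, how the added specific route changes that, and how a message claiming an internal From address but arriving from an untrusted host can be flagged.

```python
import fnmatch
import ipaddress
from typing import List, Optional, Tuple

# Constructed model of route-based policy selection plus an origin check.
# Not MAILsweeper's own format or code: the domain, route table and
# address ranges below are illustrative assumptions.
INTERNAL_DOMAIN = "mydomain.com"

# Mail servers allowed to originate mail with a From address in
# INTERNAL_DOMAIN (assumed; RFC 5737 documentation range).
TRUSTED_SERVERS = [ipaddress.ip_network("192.0.2.0/24")]

Route = Tuple[str, str, str]  # (from_pattern, to_pattern, policy_folder)

# Assumed "standard" layout: an internal-to-internal message matches the
# Outgoing route first, as item (1) of the reply describes.
DEFAULT_ROUTES: List[Route] = [
    ("*@mydomain.com", "*@*", "Outgoing"),
    ("*@*", "*@mydomain.com", "Incoming"),
]

# The same table with the more specific route the reply recommends
# adding to the Incoming folder.
FIXED_ROUTES: List[Route] = [
    ("*@mydomain.com", "*@mydomain.com", "Incoming"),
] + DEFAULT_ROUTES


def wildcards(route: Route) -> int:
    """Fewer wildcard characters means a more specific route."""
    from_pat, to_pat, _ = route
    return from_pat.count("*") + to_pat.count("*")


def select_policy(routes: List[Route], sender: str, recipient: str) -> Optional[str]:
    """Return the policy folder whose route matches the sender/recipient pair.

    The most specific matching route wins; sorted() is stable, so ties
    fall back to table order (which is why DEFAULT_ROUTES sends internal
    mail to Outgoing).
    """
    sender, recipient = sender.lower(), recipient.lower()
    for from_pat, to_pat, policy in sorted(routes, key=wildcards):
        if fnmatch.fnmatchcase(sender, from_pat) and fnmatch.fnmatchcase(recipient, to_pat):
            return policy
    return None  # no route matched; a real gateway would apply a default


def claims_internal_origin(sender: str) -> bool:
    return sender.lower().endswith("@" + INTERNAL_DOMAIN)


def origin_is_trusted(source_ip: str) -> bool:
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in TRUSTED_SERVERS)


def spoof_suspected(sender: str, source_ip: str) -> bool:
    """Item (3): a From address in the internal domain must arrive from a trusted server."""
    return claims_internal_origin(sender) and not origin_is_trusted(source_ip)


def classify(routes: List[Route], sender: str, recipient: str, source_ip: str):
    """Policy folder for the message plus any detection flags raised."""
    policy = select_policy(routes, sender, recipient)
    flags = []
    if spoof_suspected(sender, source_ip):
        flags.append("spoofed-internal-sender")
    return policy, flags


# Constructed sample traffic: (sender, recipient, connecting host IP)
SAMPLES = [
    ("user1@mydomain.com", "user2@mydomain.com", "192.0.2.10"),   # genuine internal mail
    ("user1@mydomain.com", "user2@mydomain.com", "203.0.113.7"),  # external host, internal From
    ("bob@example.net", "user2@mydomain.com", "203.0.113.7"),     # ordinary inbound
    ("user1@mydomain.com", "bob@example.net", "192.0.2.10"),      # ordinary outbound
]

if __name__ == "__main__":
    for sender, recipient, ip in SAMPLES:
        for name, table in (("default", DEFAULT_ROUTES), ("fixed", FIXED_ROUTES)):
            policy, flags = classify(table, sender, recipient, ip)
            print(f"{name:7} {sender:>20} -> {recipient:<20} via {ip:<12} {policy} {flags}")
```

Running the script prints each sample twice, once per route table: the internal-to-internal message lands in Outgoing under the default table and in Incoming once the specific route is present, and the second sample is flagged under both tables because its From address claims the internal domain while the connecting host is outside the trusted range. The origin check is deliberately independent of the route table, which is the point of item (3): the route decides which policy scans the message, the origin check decides whether the claimed sender should be believed at all.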
