[22286] in bugtraq
Relaying in MDAEMON.
daemon@ATHENA.MIT.EDU (buggzy)
Fri Aug 17 10:51:44 2001
Message-ID: <00b301c126df$649678f0$e700000a@funky>
From: "buggzy" <alienhard@mail.ru>
To: <bugtraq@securityfocus.com>
Date: Fri, 17 Aug 2001 11:42:24 +0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: 7bit
It seems like that Mdaemon SMTP server can be used for unauthorized
relaying. Mail can be relayed when sent "FROM or TO known user", it means
that mail
sent "from" the account of one of served domains always can be relayed.
There is no problem to specify any "from" user, for example, system account
"mdaemon".
220 bepe ESMTP MDaemon 4.0.5 UNREGISTERED; Thu, 16 Aug 2001 11:38:54 +0600
> helo somedomain
250 bepe Hello somedomain, pleased to meet you
> mail from: mdaemon@bepe
250 <mdaemon@bepe>, Sender ok
> rcpt to: alienhard@mail.ru
250 <alienhard@mail.ru>, Recipient ok
The message was successfully sent. Additionally, you can specify "Reply-To"
field in message header, and mail client will reply to correct address.
I can't find any configuration which will disallow it. It looks like design
error - poor criteria. Maybe expert mdaemon users shows is it right or
wrong.
Tested: Mdaemon Pro 4.0.5
buggzy@nerf.ru, Nerf Security Group
http://www.nerf.ru
