[22292] in bugtraq
Re: Relaying in MDAEMON.
daemon@ATHENA.MIT.EDU (Alun Jones)
Fri Aug 17 11:37:38 2001
Message-Id: <4.3.2.7.2.20010817101040.02931258@mail.io.com>
Date: Fri, 17 Aug 2001 10:12:31 -0500
To: "buggzy" <alienhard@mail.ru>
From: Alun Jones <alun@texis.com>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <00ee01c126ed$05898dd0$e700000a@funky>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 02:19 AM 8/17/2001, buggzy wrote:
>As an addition to previous posting: one ISP administrator complains that
>MERAK 2.10.240 SMTP server is also vulnerable to such unauthorized relay. I
>don't test it myself.
Many mail servers are vulnerable to unauthorised relay from people who
specify a "MAIL FROM" address at the ISP hosting the mail server. This is
a frequent source of spam, and can usually be addressed by changing options
in the mail server, and using such things as SMTP AUTH, and
POP-before-send, on those connections that are not sourced on the ISP's
networks.
Alun.
~~~~
--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)378-3246 | read details of WFTPD Pro for NT.
