[22293] in bugtraq
Relaying in MDaemon
daemon@ATHENA.MIT.EDU (Arvel Hathcock)
Fri Aug 17 12:02:13 2001
Message-ID: <008d01c12734$2b716940$0100a8c0@arvel>
From: "Arvel Hathcock" <arvel@altn.com>
To: <bugtraq@securityfocus.com>
Date: Fri, 17 Aug 2001 10:49:04 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-MDaemon-Deliver-To: bugtraq@securityfocus.com
Reply-To: arvel@altn.com
> It seems like that Mdaemon SMTP server can be used for
> unauthorized relaying. Mail can be relayed when sent
> "FROM or TO known user", it means that mail sent "from"
> the account of one of served domains always can be relayed.
> There is no problem to specify any "from" user, for
> example, system account "mdaemon".
Please read the manual. There are ways of verifying addresses. Also, the
default installation does not allow mail relaying. You have enabled it
yourself. There is a switch setting that prevents this sort of thing and it
is set by default.
Arvel Hathcock
CEO, Alt-N Technologies Ltd.
http://www.altn.com
============================
http://www.mdaemon.com
http://www.relayfax.com
============================
