[nflug] Sendmail Percent Hack

justin.bennett at dynabrade.com justin.bennett at dynabrade.com
Fri May 9 09:20:09 EDT 2008

Hey Guys,

        I have a mail server running sendmail-8.12.11 and have found it to 
be susceptible to a percent hack Where if I address an email to anyuser at 
a domain supported by this server but place the real recipient address in 
the username portion (replaceing the @ with a %) it will relay the 
message.  This can be exploited by spammers.

For example if you send a message to:

joesmoe%company.com at mydomain.com

The message will be delivered to the mailserver for mydomain.com then 
relayed by sendmail to the appropriate place.

Is there a way to turn off this 'feature' in sendmail. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nflug.org/pipermail/nflug/attachments/20080509/d19dfbc4/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 8150 bytes
Desc: not available
Url : http://www.nflug.org/pipermail/nflug/attachments/20080509/d19dfbc4/attachment.gif

More information about the nflug mailing list