[nflug] Sendmail Percent Hack
justin.bennett at dynabrade.com
justin.bennett at dynabrade.com
Fri May 9 09:20:09 EDT 2008
Hey Guys,
I have a mail server running sendmail-8.12.11 and have found it to
be susceptible to a percent hack Where if I address an email to anyuser at
a domain supported by this server but place the real recipient address in
the username portion (replaceing the @ with a %) it will relay the
message. This can be exploited by spammers.
For example if you send a message to:
joesmoe%company.com at mydomain.com
The message will be delivered to the mailserver for mydomain.com then
relayed by sendmail to the appropriate place.
Is there a way to turn off this 'feature' in sendmail.
Thanks
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nflug.org/pipermail/nflug/attachments/20080509/d19dfbc4/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 8150 bytes
Desc: not available
Url : http://www.nflug.org/pipermail/nflug/attachments/20080509/d19dfbc4/attachment.gif
More information about the nflug
mailing list