[nflug] Sendmail Percent Hack

justin.bennett at dynabrade.com justin.bennett at dynabrade.com
Fri May 9 09:40:31 EDT 2008

I'm sure you can do that with the MDA (Procmail) but I'm not sure it will 
get to the MDA, I think It just stays in the MTA (sendmail)?

Cyber Source <peter at thecybersource.com> 
Sent by: nflug-bounces at nflug.org
05/09/2008 09:36 AM
Please respond to
nflug at nflug.org

nflug at nflug.org

Re: [nflug] Sendmail Percent Hack

I would first think to create a rule to deny any email address with a %. 
I can't recall what file this is to edit.

justin.bennett at dynabrade.com wrote:
> Hey Guys,
>         I have a mail server running sendmail-8.12.11 and have found 
> it to be susceptible to a percent hack Where if I address an email to 
> anyuser at a domain supported by this server but place the real 
> recipient address in the username portion (replaceing the @ with a %) 
> it will relay the message.  This can be exploited by spammers.
> For example if you send a message to:
> joesmoe%company.com at mydomain.com
> The message will be delivered to the mailserver for mydomain.com then 
> relayed by sendmail to the appropriate place.
> Is there a way to turn off this 'feature' in sendmail.
> Thanks
> Justin
> ------------------------------------------------------------------------
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
nflug mailing list
nflug at nflug.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nflug.org/pipermail/nflug/attachments/20080509/904bd17a/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 8150 bytes
Desc: not available
Url : http://www.nflug.org/pipermail/nflug/attachments/20080509/904bd17a/attachment-0001.gif

More information about the nflug mailing list