[nflug] Sendmail Percent Hack

Cyber Source peter at thecybersource.com
Fri May 9 11:48:19 EDT 2008


For postfix the file is /etc/postfix/sender_access

justin.bennett at dynabrade.com wrote:
>
> I'm sure you can do that with the MDA (Procmail) but I'm not sure it 
> will get to the MDA, I think it just stays in the MTA (sendmail)?
>
> *Cyber Source <peter at thecybersource.com>*
> Sent by: nflug-bounces at nflug.org
> 05/09/2008 09:36 AM
> Please respond to: nflug at nflug.org
> To: nflug at nflug.org
> Subject: Re: [nflug] Sendmail Percent Hack
>
> I would first think to create a rule to deny any email address with a %.
> I can't recall what file this is to edit.
>
> justin.bennett at dynabrade.com wrote:
> >
> > Hey Guys,
> >
> >         I have a mail server running sendmail-8.12.11 and have found
> > it to be susceptible to a percent hack, where if I address an email to
> > anyuser at a domain supported by this server but place the real
> > recipient address in the username portion (replacing the @ with a %)
> > it will relay the message.  This can be exploited by spammers.
> >
> > For example if you send a message to:
> >
> > joesmoe%company.com at mydomain.com
> >
> > The message will be delivered to the mailserver for mydomain.com then
> > relayed by sendmail to the appropriate place.
> >
> > Is there a way to turn off this 'feature' in sendmail?
> >
> > Thanks
> > Justin
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > nflug mailing list
> > nflug at nflug.org
> > http://www.nflug.org/mailman/listinfo/nflug


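The rewrite described in the original question, as an added example that is not part of the thread: a Python check that applies the percent-hack rewrite to a recipient address and flags it when the result lands outside the server's own domains. `LOCAL_DOMAINS`, the function names and the sample `RCPT TO` lines are assumptions constructed for illustration.

```python
import re

# Assumption: domains this server accepts mail for (taken from the post's example).
LOCAL_DOMAINS = {"mydomain.com"}
RCPT_RE = re.compile(r"RCPT TO:\s*<([^>]*)>", re.IGNORECASE)


def resolve_percent_hack(address, local_domains=LOCAL_DOMAINS):
    """Rewrite user%remote@local to user@remote until nothing changes.

    Returns (final_address, hops), where hops is the number of rewrites.
    """
    hops = 0
    while True:
        local_part, sep, domain = address.rpartition("@")
        # Only a server that owns the domain interprets the '%' in the local part.
        if not sep or domain.lower() not in local_domains or "%" not in local_part:
            return address, hops
        user, _, next_domain = local_part.rpartition("%")
        address = f"{user}@{next_domain}"
        hops += 1


def is_relay_attempt(address, local_domains=LOCAL_DOMAINS):
    """True when the rewritten recipient ends up outside the local domains."""
    final, hops = resolve_percent_hack(address, local_domains)
    return hops > 0 and final.rpartition("@")[2].lower() not in local_domains


def flag_session_lines(lines, local_domains=LOCAL_DOMAINS):
    """Return (recipient, rewritten_recipient) for each flagged RCPT TO line."""
    flagged = []
    for line in lines:
        match = RCPT_RE.search(line)
        if match and is_relay_attempt(match.group(1), local_domains):
            rcpt = match.group(1)
            flagged.append((rcpt, resolve_percent_hack(rcpt, local_domains)[0]))
    return flagged


# Constructed SMTP command lines for the demonstration (not real traffic).
SAMPLE = [
    "RCPT TO:<justin@mydomain.com>",               # plain local delivery
    "RCPT TO:<joesmoe%company.com@mydomain.com>",  # the address from the post
    "RCPT TO:<a%mydomain.com@mydomain.com>",       # rewrites, but stays local
    "rcpt to: <x%other.example%mydomain.com@mydomain.com>",  # two hops
]

if __name__ == "__main__":
    for original, final in flag_session_lines(SAMPLE):
        print(f"{original} -> {final}")
```

A recipient whose rewrite stays inside the local domains is not flagged, so the check only reports addresses that would leave the server.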