[nflug] Sendmail Percent Hack

Cyber Source peter at thecybersource.com
Fri May 9 09:36:12 EDT 2008


I would first think to create a rule to deny any email address with a %. 
I can't recall which file to edit for this.

justin.bennett at dynabrade.com wrote:
>
> Hey Guys,
>
>         I have a mail server running sendmail-8.12.11 and have found 
> it to be susceptible to a percent hack, where if I address an email to 
> anyuser at a domain supported by this server but place the real 
> recipient address in the username portion (replacing the @ with a %) 
> it will relay the message.  This can be exploited by spammers.
>
> For example if you send a message to:
>
> joesmoe%company.com at mydomain.com
>
> The message will be delivered to the mailserver for mydomain.com then 
> relayed by sendmail to the appropriate place.
>
> Is there a way to turn off this 'feature' in sendmail?
>
> Thanks
> Justin
>
>


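The recipient check discussed in this thread, sketched as an added example (not code from either poster and not sendmail's own implementation): rewrite `user%site@localdomain` to `user@site` before deciding whether delivery would be a relay. `LOCAL_DOMAINS`, the function names and the sample addresses are assumptions made for illustration.

```python
# Added example: models a relay check that understands "percent hack" recipients.
# LOCAL_DOMAINS and SAMPLES are constructed values, not taken from a real server.

LOCAL_DOMAINS = {"mydomain.com"}  # assumption: domains this server accepts mail for


def final_destination(rcpt, local_domains=LOCAL_DOMAINS):
    """Return the address the message would really be delivered to.

    While the domain part is one of ours and the local part contains '%',
    drop our domain and turn the rightmost '%' into '@'
    (user%site@ours becomes user@site), then look again: hops can be nested.
    """
    addr = rcpt.strip().strip("<>").lower()
    while "@" in addr:
        local, _, domain = addr.rpartition("@")
        if domain not in local_domains or "%" not in local:
            break
        user, _, next_domain = local.rpartition("%")
        addr = f"{user}@{next_domain}"
    return addr


def check_rcpt(rcpt, local_domains=LOCAL_DOMAINS):
    """Return (accepted, final_address); accept only local final destinations."""
    dest = final_destination(rcpt, local_domains)
    if "@" not in dest:
        return False, dest  # unqualified addresses are out of scope here
    domain = dest.rpartition("@")[2]
    return domain in local_domains, dest


# Constructed sample recipients, including the form quoted in the thread.
SAMPLES = [
    "justin@mydomain.com",
    "joesmoe%company.com@mydomain.com",
    "a%b.example%mydomain.com@mydomain.com",
    "sales%mydomain.com@mydomain.com",
]

if __name__ == "__main__":
    for rcpt in SAMPLES:
        ok, dest = check_rcpt(rcpt)
        print(f"{rcpt:45} -> {dest:25} {'accept' if ok else 'reject (relay)'}")
```

Unlike a blanket rule that denies every address containing `%`, this check still accepts `sales%mydomain.com@mydomain.com`, because its final destination is local.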