[nflug] Sendmail Percent Hack
Cyber Source
peter at thecybersource.com
Fri May 9 09:36:12 EDT 2008
I would first think to create a rule to deny any email address with a %.
I can't recall what file this is to edit.
justin.bennett at dynabrade.com wrote:
>
> Hey Guys,
>
> I have a mail server running sendmail-8.12.11 and have found
> it to be susceptible to a percent hack Where if I address an email to
> anyuser at a domain supported by this server but place the real
> recipient address in the username portion (replaceing the @ with a %)
> it will relay the message. This can be exploited by spammers.
>
> For example if you send a message to:
>
> joesmoe%company.com at mydomain.com
>
> The message will be delivered to the mailserver for mydomain.com then
> relayed by sendmail to the appropriate place.
>
> Is there a way to turn off this 'feature' in sendmail.
>
> Thanks
> Justin
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
>
More information about the nflug
mailing list