open-relay with malformed MAIL syntax?
I've discovered that my qmail server relays mail even though it shouldn't.
I'm running qmail 1.03 installed according to the LWQ tutorial. I have also
installed vpopmail 4.9.10 to serve virtual domains. Mail delivery has
worked fine for over 150 days, but recently I realized that my local Outlook
client is connecting to my server via an IP address which is NOT in
/etc/tcp.smtp ... meaning that RELAYCLIENT should not be set for SMTP
connections from my desktop machine.
This led me to wonder how I was able to send mail at all, because according
to everything I've read about qmail, my Outlook client should be blocked
from sending SMTP through my qmail server to remote domains, but allowed to
pick up POP3 mail via authentication through vpopmail. But I can still send
via SMTP to domains not in my RCPTHOSTS!
So I tested by telnetting to my server on port 25 and trying to send mail
where the RCPT TO is NOT in my RCPTHOSTS:
220 mydomain.org ESMTP
HELO
250 mydomain.org
MAIL From: someone@notmydomain.com
250 ok
RCPT To: someone@notmydomaineither.com
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
This made me happy, but it doesn't explain why I can send SMTP via Outlook.
So I messed around a bit and discovered what I think is the hole:
If I telnet to port 25 and use an invalid MAIL format, the mail is
accepted and relayed to the recipient, even though they are not in my
RCPTHOSTS:
220 mydomain.org ESMTP
HELO
250 mydomain.org
MAIL Fro:
250 ok
RCPT To: <someone@notmydomain.com>
250 ok
DATA
354 go ahead
From: <someone@notmydomain.com>
To: <someone@notmydomaineither.com>
Subject: open-relays stink
Receiving this mail means our relay is not fully closed.
.
250 ok 1025635235 qp 4155
QUIT
221 mydomain.org
and I received the latter mail at the "someone@notmydomaineither.com"
account, which I believe indicates that an invalid/insecure relay took
place.
How can I close this loophole in qmail?! I'm happy to provide more
information as necessary.
Ben
ben@brothersparker.com
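The probe below automates the telnet tests in the message above. It is an added example, not part of the original post and not qmail's code. It sends several MAIL FROM spellings (well-formed, without brackets, the "MAIL Fro:" variant, and the null sender) and keeps the recipient fixed across all of them, so the RCPT TO replies are directly comparable; it never sends DATA and discards each envelope with RSET, so nothing is queued on the server under test. To run offline it includes ToyQmailSmtpd, a constructed in-memory model of qmail-smtpd 1.03's MAIL/RCPT handling as I read it (addrparse() takes the text inside <...>, or, without a '<', the text after the first ':' up to the next space, so "Fro:" parses as the null sender and is accepted; RCPT is then checked against control/rcpthosts unless RELAYCLIENT is set). The hostnames, the rcpthosts contents and the helper names are all constructed for the example.

```python
"""Open-relay probe around the telnet tests in the post above (added example,
not qmail's code).  One recipient outside rcpthosts, several MAIL FROM
spellings, no DATA, RSET after every attempt."""
import socket

# Sender spellings to try (labels and addresses constructed for the example).
ATTEMPTS = [
    ("well-formed", "MAIL FROM:<someone@notmydomain.com>"),
    ("no brackets", "MAIL From: someone@notmydomain.com"),
    ("malformed keyword", "MAIL Fro:"),
    ("null sender", "MAIL FROM:<>"),
]


def probe_relay(exchange, helo, recipient, attempts=ATTEMPTS):
    """Return {label: reply to RCPT TO}.  exchange(cmd) sends one SMTP command
    and returns the reply.  A 250 for a recipient whose domain is not in
    rcpthosts, from a client without RELAYCLIENT, means the server relays."""
    results = {}
    exchange("HELO " + helo)
    for label, mail_cmd in attempts:
        mail_reply = exchange(mail_cmd)
        if mail_reply.startswith("2"):
            results[label] = exchange("RCPT TO:<%s>" % recipient)
        else:
            results[label] = "(MAIL rejected: %s)" % mail_reply
        exchange("RSET")  # drop the envelope: the probe never reaches DATA
    exchange("QUIT")
    return results


def smtp_exchange(host, port=25, timeout=10):
    """Build exchange() over a real TCP connection; consumes the 220 banner."""
    sock = socket.create_connection((host, port), timeout=timeout)
    rfile = sock.makefile("rb")

    def read_reply():
        lines = []
        while True:  # gather a multi-line reply ("250-...") up to its last line
            line = rfile.readline().decode("latin-1").rstrip("\r\n")
            if not line:
                raise ConnectionError("server closed the connection")
            lines.append(line)
            if len(line) < 4 or line[3] != "-":
                return "\n".join(lines)

    read_reply()

    def exchange(command):
        sock.sendall((command + "\r\n").encode("latin-1"))
        reply = read_reply()
        if command.upper().startswith("QUIT"):
            sock.close()
        return reply

    return exchange


def qmail_addrparse(arg):
    """Model (written for this example) of qmail-smtpd 1.03 addrparse(): the
    address inside <...>; without a '<', skip past the first ':' and spaces
    and read to the next space.  "Fro:" therefore yields "" (null sender)."""
    if "<" in arg:
        return arg[arg.index("<") + 1:].split(">", 1)[0]
    rest = arg[arg.index(":") + 1:] if ":" in arg else ""
    return rest.lstrip(" ").split(" ", 1)[0]


class ToyQmailSmtpd:
    """Constructed in-memory model of qmail-smtpd's envelope commands so the
    probe runs offline.  rcpthosts = lines of control/rcpthosts; relayclient
    mirrors the RELAYCLIENT variable set by tcpserver from /etc/tcp.smtp."""

    NOGATEWAY = "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"

    def __init__(self, rcpthosts, relayclient=False):
        self.rcpthosts = {h.lower() for h in rcpthosts}
        self.relayclient = relayclient
        self.seenmail = False

    def addrallowed(self, addr):
        if self.relayclient or "@" not in addr:  # RELAYCLIENT bypasses; no host = local
            return True
        host = addr.rsplit("@", 1)[1].lower()
        # "example.org" matches that host exactly; ".example.org" matches subdomains.
        return any(host[i:] in self.rcpthosts
                   for i, ch in enumerate(host) if i == 0 or ch == ".")

    def __call__(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.lower()
        if verb in ("helo", "ehlo"):
            return "250 mydomain.org"
        if verb == "mail":
            qmail_addrparse(arg)  # parsing never fails here, whatever the keyword
            self.seenmail = True
            return "250 ok"
        if verb == "rcpt":
            if not self.seenmail:
                return "503 MAIL first (#5.5.1)"
            return "250 ok" if self.addrallowed(qmail_addrparse(arg)) else self.NOGATEWAY
        if verb == "rset":
            self.seenmail = False
            return "250 flushed"
        if verb == "quit":
            return "221 mydomain.org"
        return "502 unimplemented (#5.5.1)"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 2:  # usage: probe.py HOST RECIPIENT   (live server)
        exchange, recipient = smtp_exchange(sys.argv[1]), sys.argv[2]
    else:                  # offline: toy server with a constructed rcpthosts
        exchange = ToyQmailSmtpd(["mydomain.org", ".mydomain.org"])
        recipient = "someone@notmydomaineither.com"
    for label, reply in probe_relay(exchange, "desktop.example", recipient).items():
        print("%-18s %s" % (label, reply))
```

Against a live server, pick a recipient whose domain you know is absent from control/rcpthosts and run the probe from the same desktop IP that is not listed in /etc/tcp.smtp; any "250 ok" on the RCPT line, for any of the sender spellings, is the relay to chase. The model rejects every variant for such a recipient and accepts every variant once relayclient is set, which is the pair of outcomes a closed and an open qmail relay respectively produce.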