Re: old sendmail exploit


Subject: Re: old sendmail exploit
From: James F. Zuelow Jr. (jamesz@ideafamilies.org)
Date: Wed Apr 03 2002 - 10:02:02 AKST


----- Original Message -----
From: "FeLoNiouS MoNK" <codered@gci.net>
To: <aklug@aklug.org>
Sent: Wednesday, April 03, 2002 9:20 AM
Subject: old sendmail exploit...

> sup all .. gotta question for you gurus .. for all those who know the
> old sendmail sploit.. the one where you telnet into someone's open port 25
> .. and send mail to the local host and on older systems, send mail to
> ANYONE using a fake sender address..... .. I don't want to really explain
> it in case some people don't know the trick .. anywayz.. is there a way of
> combating this sploit? all the guys I know .. just kill the sendmail all
> together but I want to actually use the mail wit my debian system I'm
> bringing up "hopefully today"... no one as of yet has given me a
> satisfactory answer yet.. just thank goodness it doesn't allow you to
> mail out of the computer on new versions of sendmail.. anywayz thanx in
> advance for the help....
> FeLo MoNK

Well, your MTA won't be able to tell the difference between a telnet
session on port 25 and normal incoming mail (except it might wonder at
the v e r y s l o w d a t a r a t e . . .).
So if you have your MTA configured to avoid relaying in the first place,
there should be no problem as far as sending to other hosts. As far as
I know, there is no way to "turn off" an anti-relay configuration from
the network. If there were, the spammers would be all over that. Now,
yes you could send mail to local users - but then it would be a lot
easier just to send them a message with a real MUA instead of typing it
by hand. I suppose that might be fun though, just to get a good idea of
what kind of chit-chat goes on between various mail servers. I don't
see how this could exploit anything though. Someone care to enlighten
me? Control characters in the message that are normally stripped out or
something?

Cheers,

James
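
An added example, not part of the original message and not sendmail's own code: a small Python model of the anti-relay decision discussed above, showing that the reply to RCPT TO depends on the connecting client and the recipient domain, never on the claimed sender. The domain example.org, the 192.0.2.0/24 relay network and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample policy (assumptions, not values from the thread).
LOCAL_DOMAINS = {"example.org"}                      # domains this host delivers for
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # clients allowed to relay


def rcpt_domain(address):
    """Return the lower-cased domain of an SMTP path such as <user@host>."""
    addr = address.strip().strip("<>")
    if "@" not in addr:
        return ""          # bare local part, e.g. "postmaster"
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_rcpt(client_ip, mail_from, rcpt_to):
    """Decide the reply to RCPT TO the way an anti-relay policy does.

    mail_from is a parameter only to show that it is never consulted:
    the envelope sender is supplied by the client and cannot be trusted.
    """
    domain = rcpt_domain(rcpt_to)
    if domain == "" or domain in LOCAL_DOMAINS:
        return "250 2.1.5 Recipient ok"      # local delivery is always accepted
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RELAY_NETS):
        return "250 2.1.5 Recipient ok"      # trusted client may relay
    return "550 5.7.1 Relaying denied"


def replay(client_ip, session):
    """Run (MAIL FROM, RCPT TO) pairs from one client through the policy."""
    return [check_rcpt(client_ip, sender, rcpt)[:3] for sender, rcpt in session]


# Constructed session: the envelope a hand-typed client might present.
SESSION = [
    ("<boss@example.org>", "<alice@example.org>"),    # claimed sender, local rcpt
    ("<boss@example.org>", "<someone@example.net>"),  # claimed sender, remote rcpt
]

if __name__ == "__main__":
    print(replay("203.0.113.9", SESSION))   # outside client
    print(replay("192.0.2.15", SESSION))    # client inside the relay network
```
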
