[ale] Postfix security oddities...

Stephen Touset stephen at touset.dyndns.org
Wed Feb 5 10:12:53 EST 2003


I found an email in my box this morning that said "Undelivered Mail
Returned". Unfortunately, I never sent the email. It also has, oddly
enough, images linked to it from an old messageboard I used to frequent
(which no longer exists). Also, attached is what appears to be a virus
(I'm examining it in nano).

Now, I've checked my logs for postfix and determined that yes, in fact,
the message was sent from the outside. However, in postfix's main.cf, it
clearly defines my local networks as 127.0.0.0/8 and 192.168.1.0/24.
I ssh'd to a remote console and attempted to send an email like his. In
other words, I pretended to be a user on that mail server and sent to a
user outside of it, even though I am not currently on the local network.

The session went (predictably) as follows:

stouset@ibm3000:~$ telnet touset.dyndns.org 25
Trying 68.154.0.80...
Connected to adsl-154-0-80.asm.bellsouth.net.
Escape character is '^]'.
220 touset.dyndns.org ESMTP Postfix (Debian/GNU)
HELO touset.dyndns.org
250 touset.dyndns.org
MAIL FROM:<stephen@touset.dyndns.org>
250 Ok
RCPT TO:<some_user@somewhere_else.net>
554 <some_user@somewhere_else.net>: Recipient address rejected: Relay access denied

Now, how on Earth could this guy have used me to relay his mail?

Stephen Touset
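The relay check that the transcript above exercises, as an added example (not code from the original post, and not Postfix's own code): a small model of how Postfix evaluates permit_mynetworks followed by reject_unauth_destination for each RCPT TO, using the mynetworks values quoted from main.cf and the hostname from the 220 banner. The client address 203.0.113.7 (standing in for the remote host ibm3000), the local-domain set and the LAN address 192.168.1.20 are constructed for the demonstration. Replaying the post's commands reproduces the 250 Ok after MAIL FROM and the 554 at RCPT TO, and the model makes explicit the point a practitioner would check first: the envelope sender is accepted without any check on who presents it, so a 250 after MAIL FROM says nothing about whether that address was genuine, and a bounce for mail one never sent is the usual result when someone else forges it elsewhere.

```python
"""Model of the Postfix relay decision behind the 554 in the transcript.

Added example, not code from the post or from Postfix.  It mimics smtpd
with the stock restrictions permit_mynetworks, reject_unauth_destination
for mynetworks = 127.0.0.0/8 192.168.1.0/24 (from the post's main.cf).
The client IPs and the local-domain set are constructed for the demo.
"""
import ipaddress
import re

# Values from the post's main.cf; the local domain comes from the 220 banner.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]
MYDESTINATION = {"touset.dyndns.org", "localhost"}   # constructed assumption
HOSTNAME = "touset.dyndns.org"

_ANGLE_ADDR = re.compile(r"<([^>]*)>")


def parse_address(arg):
    """Extract the bare address from 'FROM:<user@host>' or 'TO:<user@host>'."""
    m = _ANGLE_ADDR.search(arg)
    return (m.group(1) if m else arg.split(":", 1)[-1]).strip()


def relay_decision(client_ip, recipient):
    """Evaluate permit_mynetworks, then reject_unauth_destination, for one RCPT TO.

    Returns (code, text).  Nothing here consults the envelope sender: a
    forged MAIL FROM is simply accepted, exactly as in the transcript.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        # permit_mynetworks: a client on a trusted network may relay anywhere.
        return 250, "Ok"
    domain = recipient.rpartition("@")[2].lower()
    if domain in MYDESTINATION:
        # reject_unauth_destination does not fire for mail addressed to us.
        return 250, "Ok"
    return 554, f"<{recipient}>: Recipient address rejected: Relay access denied"


def smtp_session(client_ip, commands):
    """Replay SMTP command lines for a client at client_ip; return the reply lines."""
    replies = [f"220 {HOSTNAME} ESMTP Postfix (Debian/GNU)"]
    sender = None
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append(f"250 {HOSTNAME}")
        elif verb == "MAIL":
            sender = parse_address(arg)      # accepted with no check on who claims it
            replies.append("250 Ok")
        elif verb == "RCPT":
            if sender is None:
                replies.append("503 Error: need MAIL command")
            else:
                code, text = relay_decision(client_ip, parse_address(arg))
                replies.append(f"{code} {text}")
        elif verb == "QUIT":
            replies.append("221 Bye")
        else:
            # Approximation of the real server's reply; wording is not Postfix's.
            replies.append("502 Error: command not implemented")
    return replies


# The exact command sequence from the post, replayed from an outside client.
# 203.0.113.7 (a TEST-NET-3 address) is a constructed stand-in for ibm3000.
TRANSCRIPT = [
    "HELO touset.dyndns.org",
    "MAIL FROM:<stephen@touset.dyndns.org>",
    "RCPT TO:<some_user@somewhere_else.net>",
]

if __name__ == "__main__":
    for reply in smtp_session("203.0.113.7", TRANSCRIPT):
        print(reply)
    # The same commands from a host inside mynetworks are relayed.
    print(smtp_session("192.168.1.20", TRANSCRIPT)[-1])
```

Running the block prints the four replies from the post's session, ending in the 554, and then a single 250 Ok for the same RCPT TO issued from 192.168.1.20. The useful check is the second scenario in relay_decision: an outside client sending to a local recipient is accepted, which is ordinary inbound mail, while only the trusted-network test opens the door to outside recipients.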
