Here's one... Using ASSP, should be safe right?
Not necessarily. That's something I have asked on the ASSP mailing list. ASSP is not a gateway but rather, a proxy so it does eventually pass recipient and data information to the SMTP server. If that happens to be Imail and you don't have ASSP configured correctly, Imail could still be compromised I believe. Since this exploit is using the rcpt command and since ASSP can do recipient validation by both LDAP and flat file, and can be configured to block relaying, I think it will block this exploit if configured to do so as it does this validation before sending to the mail server. Also ASSP can be configured to delay new unknown connections which could frustrate exploitation and it has completely stopped receipt of virus laden emails from infected computers at our site. We still get the rare bounce from "legitimate" email servers that get caught by our AV gateway and attachment type blocker.
My question is if the exploit source IP# is allowed through by ASSP and has already given the malicious rcpt command to ASSP, does the exploit source resend the malicious rcpt command that is then answered by Imail, or does ASSP forward the rcpt command to Imail or would ASSP just reject it as invalid?
So the answer is, it depends on your configuration. I believe using the latest version of ASSP (1.2.5) set up to use all the anti spam and connection based protection capabilities will protect Imail from this exploit.
Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
