Markus,
Monday, January 27, 2003 you wrote:
MG> How can I test relaying trough my servers using the %piggyback address?
MG> "[EMAIL PROTECTED]" should be the correct format.
MG> This will not work.
You have 2 mail servers, example.com, which is an IMAIL server,
and example.net. Example.net lives on a different network, backs
up example.com, and may or may not be an IMAIL server. I will
discuss below how to relay mail to a third domain, example.org,
using the %piggyback technique:
Example.net is a backup for example.com. The Admin who runs
example.com mistakenly entered the IP address of example.net
in his allowed to relay ACL. Or perhaps he runs both servers
and has each backup the other.
So send a message addressed to "[EMAIL PROTECTED]"
through the example.net server (the backup server for
example.com).
Since example.net is a backup for example.com it inspects the
message and correctly accepts it for delivery to example.com
which is the correct domain parsed from the address. The
message is queued and sent on to example.com.
When example.com, our IMAIL server, receives the message it
checks to see if example.net is authorized to relay. If it is
then IMAIL parses the address in such a way that the % sign is
changed to an @ character and delivery is attempted to
[EMAIL PROTECTED] In part this is because the % sign (and
other characters can be used as a domain delimiter.
In fact neither server has done anything really wrong. But
the effect of the process is that you will be listed as an
open relay if you are tested in this way.
The obvious solution is to make certain you do not allow
relaying for any backup mail servers.
And if that is not possible then you have to rely on Declude's
PERCENT test.
MG> What can Scott mean by writing "IMail does normally check for this, but
MG> there is a report of it not catching this type of mail under certain
MG> circumstances." ?
Just exactly what it says.
IMAIL and other mail servers can be set to use other domain
delimiters besides the "@" character. There are actually valid
uses for this phenomenon, too. It dates back to early sendmail or
perhaps even earlier.
hth
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
