Seeing some testing probes from Reynolds.net.au against our Imail server. Description of testing here: http://reynolds.net.au/spam/testing/
The old "percent relay" test actually managed to get the server to accept a message, i.e., "[EMAIL PROTECTED]>", although it was not allowed to relay thanks to a 3rd party tool. But it was interesting how this happened and I thought I'd report.

Those who have been following the forum for a while will recall the previous discussions about this hack. The most notable vulnerability was the situation where a backup mail server was also permitted in the target Imail ACL. In this case it was quite easy to use the % hack to relay.

There was no backup mail server in this present case. The Imail server is behind a firewall and public IPs are NAT'd to the private IPs. There was a case where one of the public IPs had been added to the Imail ACL. It just so happened that the Reynolds test used this IP as the bracketed IP in the RCPT TO. Thus, the Imail server accepted the message.

Imail really did nothing wrong in this case, but I thought it might be pretty easy for others to add their public IPs to the Imail ACL and not contemplate this % hack. If so, then these servers are open to penetration by the % hack.

Terry Fritts
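The acceptance described in the post can be caught at RCPT time with a recipient check along these lines. This is an added example, not part of the original post and not IMail's code: the function name, the policy of rejecting any routing character in the local part, and every address and IP below (documentation ranges) are assumptions constructed for illustration.

```python
import re

# Constructed sample values, not taken from the original post.
LOCAL_DOMAINS = {"mail.example.com"}
LOCAL_IP_LITERALS = {"192.0.2.10"}  # e.g. a public NAT address that was added to the ACL

RCPT_RE = re.compile(r"^RCPT TO:\s*<(?P<path>[^<>]*)>", re.IGNORECASE)

def check_rcpt(line):
    """Return (accept, reason) for one SMTP RCPT TO command line."""
    m = RCPT_RE.match(line.strip())
    if not m:
        return False, "syntax"
    path = m.group("path")
    if path.startswith("@"):
        # Old-style explicit source route: <@hop1:user@final>
        return False, "source route"
    local, sep, domain = path.rpartition("@")
    if not sep or not local or not domain:
        return False, "syntax"
    # Run this check BEFORE the local-domain test. A local part carrying
    # '%', '!' or '@' hides a second hop, so a match on the outer domain
    # or bracketed IP must not be enough to accept the message.
    # (Policy choice: this also rejects the rare legitimate '%' in a local part.)
    if any(c in local for c in "%!@"):
        return False, "routing character in local part"
    domain = domain.lower()
    if domain.startswith("[") and domain.endswith("]"):
        if domain[1:-1] in LOCAL_IP_LITERALS:
            return True, "local address literal"
        return False, "relay denied"
    if domain in LOCAL_DOMAINS:
        return True, "local domain"
    return False, "relay denied"

if __name__ == "__main__":
    # Constructed RCPT TO lines covering the case from the post and its neighbours.
    samples = [
        "RCPT TO:<user%remote.example.net@[192.0.2.10]>",
        "RCPT TO:<postmaster@[192.0.2.10]>",
        "RCPT TO:<alice@mail.example.com>",
        "RCPT TO:<bob@remote.example.net>",
        "RCPT TO:<@mail.example.com:bob@remote.example.net>",
    ]
    for s in samples:
        print(s, "->", check_rcpt(s))
```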
