Re: username@domain@domain relay hole !
On Mon, Apr 30, 2001 at 10:37:20AM -0600, Charles Cazabon wrote: > If baz.net is in rcpthosts, but not in locals or virtuals, qmail will then > forward the whole thing on to the primary MX for baz.net. If this is what is > happening, it's not (unauthorized) relaying at all, and doesn't involve > bar.com at any point. An if there is a .qmail-default file for the domain baz.net that forwards all emails to [EMAIL PROTECTED] this is no unauthorized relaying either :-))) \Maex -- SpaceNet AG| Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0 Research & Development | D-80807 Muenchen| Fax: +49 (89) 32356-299 Stress is when you wake up screaming and you realize you haven't fallen asleep yet.
Re: username@domain@domain relay hole !
Robert Geller <[EMAIL PROTECTED]> wrote: > > > > > > username@domain@domain > >[...] > > > I am sure that you all concerned about this as I do because it makes your > > > server an open relay to this trick . > > > >No, it doesn't. [...] > >In no circumstances will the message be relayed to the server which handles > >mail for domain "bar". > I think Nissim is correct. I have tested several qmail servers and this > does happen. No, he is incorrect. The example you sent me in private mail doesn't show this happening either. I have yet to see the logs of a single instance of this form of relaying being allowed to happen through a qmail server. Sending mail to <[EMAIL PROTECTED]@baz.net> will be accepted by qmail if baz.net is in rcpthosts. If it's local, qmail will try to deliver it to local user "[EMAIL PROTECTED]" -- qmail knows the difference between a local recipient and a remote recipient, so it won't try to send this on to the MX for bar.com. If baz.net is in rcpthosts, but not in locals or virtuals, qmail will then forward the whole thing on to the primary MX for baz.net. If this is what is happening, it's not (unauthorized) relaying at all, and doesn't involve bar.com at any point. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: username@domain@domain relay hole !
On Mon, Apr 30, 2001 at 11:27:57AM -0400, Robert Geller wrote: > I think Nissim is correct. I have tested several qmail servers and this > does happen. I am sure he is not: $ telnet mail.space.net smtp Trying 195.30.0.8... Connected to mail.space.net. Escape character is '^]'. 220 mail.space.net ESMTP MAIL FROM: <[EMAIL PROTECTED]> 250 ok RCPT TO: <[EMAIL PROTECTED]@space.net> 250 ok DATA 354 go ahead Subject: relay test . 250 ok 988645099 qp 20023 quit 221 mail.space.net Connection closed by foreign host. From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice "[EMAIL PROTECTED]"@space.net No such user. That other have relay open/misconfigured qmail servers isn't a prove :-) \Maex
Re: username@domain@domain relay hole !
At 08:20 AM 4/30/01 -0600, Charles Cazabon wrote: >Nissim Penias <[EMAIL PROTECTED]> wrote: > > > > I have recently installed a new qmail server an i am interested in working > > with soon but i figured out that qmail doesn't solve the situation of > > relaying this address type: > > > > username@domain@domain >[...] > > I am sure that you all concerned about this as I do because it makes your > > server an open relay to this trick . > >No, it doesn't. What makes you think it does? To qmail, there's nothing >special about an '@' symbol inside the local-part of an email address. >For example, a message to , handled by a qmail server which >handles mail for baz.net, will be delivered to local user "foo@bar". If you >don't have such a user, the message will bounce. > >In no circumstances will the message be relayed to the server which handles >mail for domain "bar". > >Charles >-- Charles, I think Nissim is correct. I have tested several qmail servers and this does happen. -Rob Sportsline Operations Dept. 954-351-2120 x4528 or x4234 AIM: rg1454bb ICQ: 30834081 http://cbs.sportsline.com
Re: Fw: username@domain@domain relay hole !
Nissim Penias <[EMAIL PROTECTED]> wrote: > > > > > username@domain@domain > > > [...] > > > > I am sure that you all concerned about this as I do because it makes > > > > your server an open relay to this trick . > > > No, it doesn't. What makes you think it does? To qmail, there's > > > nothing special about an '@' symbol inside the local-part of an email > > > address. > > What I meen is that if I am sending mail using the SMTP protocol telnet > > mailserver 25 ) and I am using address foo@[EMAIL PROTECTED] and I am holding > > kuku.com the mail will be relayed from my mail server kuku.com to foo@bar Prove it -- show us the unedited logs of this happening. What I think is your log shows your system trying to deliver to local user "foo@bar", and you're misreading it. Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Fw: username@domain@domain relay hole !
- Original Message - From: Nissim Penias <[EMAIL PROTECTED]> To: Charles Cazabon <[EMAIL PROTECTED]> Sent: Monday, April 30, 2001 4:40 PM Subject: Re: username@domain@domain relay hole ! > > - Original Message - > From: Charles Cazabon <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, April 30, 2001 4:20 PM > Subject: Re: username@domain@domain relay hole ! > > > > Nissim Penias <[EMAIL PROTECTED]> wrote: > > > > > > I have recently installed a new qmail server an i am interested in > working > > > with soon but i figured out that qmail doesn't solve the situation of > > > relaying this address type: > > > > > > username@domain@domain > > [...] > > > I am sure that you all concerned about this as I do because it makes > your > > > server an open relay to this trick . > > > > No, it doesn't. What makes you think it does? To qmail, there's nothing > > special about an '@' symbol inside the local-part of an email address. > > For example, a message to , handled by a qmail server > which > > handles mail for baz.net, will be delivered to local user "foo@bar". If > you > > don't have such a user, the message will bounce. > > > > In no circumstances will the message be relayed to the server which > handles > > mail for domain "bar". > > > > Charles > > -- > > --- > > Charles Cazabon<[EMAIL PROTECTED]> > > GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ > > Any opinions expressed are just that -- my opinions. > > --- > > > > Hello Charles , > > What I meen is that if I am sending mail using the SMTP protocol > telnet mailserver 25 ) and > I am using address foo@[EMAIL PROTECTED] and I am holding kuku.com the mail > will be relayed > from my mail server kuku.com to foo@bar . > > I tried it and the qmail-smtpd log says delivering foo@bar insted of > dropping it . > > This meens that users outside my domain can use any qmail server this > way to relay to outside > existing adresses . > > Thanks , > Nissim . >
username@domain@domain relay hole !!!
Hello all , I have recently installed a new qmail server an i am interested in working with soon but i figured out that qmail doesn't solve the situation of relaying this address type: username@domain@domain while username@domain is the person to which i am intersted in sending mail and the @domain is my mail domain and the mail server relay this king of address that conclude two '@' signes and gives spammers and other people use qmail as relay to their own intrests . When I type 'qmail-showctl' I see that qmail covers the '%' situation but is there any solution for the problem I have just mentioned . I am sure that you all concerned about this as I do because it makes your server an open relay to this trick . I would realy like to solve it so , it any of you are aware of any solution within qmail or other one , this might help us all . Thanks , Nissim Penias .
Re: username@domain@domain relay hole !
Nissim Penias <[EMAIL PROTECTED]> wrote: > > I have recently installed a new qmail server an i am interested in working > with soon but i figured out that qmail doesn't solve the situation of > relaying this address type: > > username@domain@domain [...] > I am sure that you all concerned about this as I do because it makes your > server an open relay to this trick . No, it doesn't. What makes you think it does? To qmail, there's nothing special about an '@' symbol inside the local-part of an email address. For example, a message to , handled by a qmail server which handles mail for baz.net, will be delivered to local user "foo@bar". If you don't have such a user, the message will bounce. In no circumstances will the message be relayed to the server which handles mail for domain "bar". Charles -- --- Charles Cazabon<[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
username@domain@domain relay hole !
Hello all , I have recently installed a new qmail server an i am interested in working with soon but i figured out that qmail doesn't solve the situation of relaying this address type: username@domain@domain while username@domain is the person to which i am intersted in sending mail and the @domain is my mail domain and the mail server relay this king of address that conclude two '@' signes and gives spammers and other people use qmail as relay to their own intrests . When I type 'qmail-showctl' I see that qmail covers the '%' situation but is there any solution for the problem I have just mentioned . I am sure that you all concerned about this as I do because it makes your server an open relay to this trick . I would realy like to solve it so , it any of you are aware of any solution within qmail or other one , this might help us all . Thanks , Nissim Penias .