David Luyer posted to the
SecurityFocus mailing
list:
We have recently found ourself used as mail relays and put into
the ORBS mail relay blocking system due to a bug in early
anti-relay rulesets as used in both our local rules and RedHat 5.0,
5.1 and 5.2 (even though we never touch RedHat on serious servers,
somehow our home-brew rulesets ended up bug-compatible).
It seems that some spammers out there have discovered the power
of:
RCPT TO: <“target@destination.com”@relay.host.name>
where relay.host.name is obtained by reverse DNS lookup.
Users of sendmail 8.9.x of course have no problem, neither do
those who have updated their mail relay prevention rulesets
recently, but I think there are enough RedHat 5.0, 5.1 and 5.2
users who are unaware of the problem to make it worth sending this
out.
I have put out a quick little script which fixes this. The
script can be found at:
ftp://typhaon.ucs.uwa.edu.au/pub/strobe-classb/RH5.0-5.2-patchscript
This problem is checked for by my latest relay scanner at:
ftp://typhaon.ucs.uwa.edu.au/pub/strobe-classb/strobe-classb-v1.8.tgz
(some additional information about open relays and some problems
they present can be found at http://typhaon.ucs.uwa.edu.au/presentations.html
under ‘E-mail Security’, but hopefully everyone is well-informed of
the issues by now; that paper is quite dated even if it is under a
year old)
David.
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.