David Luyer posted to the SecurityFocus mailing list:
We have recently found ourselves used as mail relays and put into
the ORBS mail relay blocking system due to a bug in early
anti-relay rulesets as used in both our local rules and RedHat 5.0,
5.1 and 5.2 (even though we never touch RedHat on serious servers,
somehow our home-brew rulesets ended up bug-compatible).
It seems that some spammers out there have discovered the power
of:
RCPT TO: <"target@destination.com"@relay.host.name>
where relay.host.name is obtained by reverse DNS lookup.
Users of sendmail 8.9.x of course have no problem, neither do
those who have updated their mail relay prevention rulesets
recently, but I think there are enough RedHat 5.0, 5.1 and 5.2
users who are unaware of the problem to make it worth sending this
out.
I have put out a quick little script which fixes this. The
script can be found at:
ftp://typhaon.ucs.uwa.edu.au/pub/strobe-classb/RH5.0-5.2-patchscript
This problem is checked for by my latest relay scanner at:
ftp://typhaon.ucs.uwa.edu.au/pub/strobe-classb/strobe-classb-v1.8.tgz
(some additional information about open relays and some problems
they present can be found at http://typhaon.ucs.uwa.edu.au/presentations.html
under ‘E-mail Security’, but hopefully everyone is well-informed of
the issues by now; that paper is quite dated even if it is under a
year old)
David.
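
The address form described in the post can be recognised by splitting the forward-path only at an '@' that lies outside a quoted string. The following is an added example, not part of the original post and not the patch script or relay scanner it links to; `LOCAL_HOSTS`, `split_mailbox`, `classify_rcpt` and the sample commands are assumptions made for illustration.

```python
import re

LOCAL_HOSTS = {"relay.host.name"}  # assumption: names this server treats as its own

# Forward-path of an SMTP RCPT command; ESMTP parameters may follow the '>'.
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<(?P<path>.*)>", re.IGNORECASE)


def split_mailbox(path):
    """Split at the last '@' that is outside a quoted string."""
    in_quotes = escaped = False
    split_at = None
    for i, ch in enumerate(path):
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            split_at = i
    if split_at is None or in_quotes:
        return None
    return path[:split_at], path[split_at + 1:].lower()


def classify_rcpt(line, local_hosts=LOCAL_HOSTS):
    m = RCPT_RE.match(line.strip())
    if not m:
        return "not-rcpt"
    parts = split_mailbox(m.group("path"))
    if parts is None:
        return "malformed"
    local, domain = parts
    if domain not in local_hosts:
        return "remote"  # the normal anti-relay decision applies
    # A quoted local part that itself contains '@' carries a second address.
    if len(local) >= 2 and local[0] == local[-1] == '"' and "@" in local[1:-1]:
        return "nested-relay"
    return "local"


# Constructed sample commands, not taken from a real log.
SAMPLES = [
    'RCPT TO:<"target@destination.com"@relay.host.name>',
    "RCPT TO:<postmaster@relay.host.name>",
    "RCPT TO:<target@destination.com>",
]
RESULTS = [classify_rcpt(s) for s in SAMPLES]
```

A recipient classified as `nested-relay` looks local to a check that only compares the domain after the last '@', which is why it needs to be rejected or logged separately.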