Mail Server Concerns!

Associate
Joined
6 Feb 2004
Posts
689
Location
Herts
In times of technical hardship where else would I turn but the OcUK forums!!

After carrying out a bit of an audit on our mail servers I have found what appears to be a nasty looking security vulnerability!

Before I go into detail I need to make sure I understand mail server activity correctly, so, in the following example am I correct in thinking that our mail server should accept the [email protected] address for local delivery and relay the message onto another server for the [email protected] address?

220 ourmailserver.localdomain.com ESMTP
helo localdomain.com
250 ourmailserver.localdomain.com
mail from: [email protected]
250 ok
rcpt to: [email protected]
250 ok
rcpt to: [email protected]
250 ok

If that is correct then my concern is that it is not going to take a genius to find a valid local address and use it to deliver UCE to numerous CC'd recipients...

Dan.
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
It's half correct. There's also the proviso that the message comes from either an authenticated user or an IP on a list.
 
Associate
OP
Joined
6 Feb 2004
Posts
689
Location
Herts
Hi toilen - thanks for the reply.

The server does not require authentication to accept mail from the internet and it seems if a valid mailbox is used in the recipient list it'll deliver mail to the CC's too. However, I would assume that anyone looking to exploit the server in this way is likely to be from a spurious source. So if my brain serves me correctly then enabling reverse DNS lookups on all inbound mail should help prevent the risk.

If that's the case then my next question is how on earth do I enable reverse DNS on a Qmail server?! :rolleyes:

Dan.
 
Caporegime
Joined
16 May 2003
Posts
25,368
Location
::1
CoXeY said:
The server does not require authentication to accept mail from the internet and it seems if a valid mailbox is used in the recipient list it'll deliver mail to the CC's too.

The version I'm running requires the mail to come from a list of "allowed" IPs, or localhost.
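A defender-side check for the behaviour discussed in this thread, added here as an example (it is not code from the posts above and not a qmail tool): it replays a captured SMTP session transcript offline and reports every RCPT TO outside the local domains that the server accepted while the client had neither completed SMTP AUTH nor come from a permitted relay network, i.e. toilen's "authenticated user or IP on a list" rule. The two sessions, the relay network and the client IPs are constructed samples.

```python
import re
from ipaddress import ip_address, ip_network
# Constructed sample sessions (not taken from the thread); addresses use the
# reserved example.net domain and the client IPs in the tests are hypothetical.
OPEN_SESSION = """220 ourmailserver.localdomain.com ESMTP
helo localdomain.com
250 ourmailserver.localdomain.com
mail from: <someone@localdomain.com>
250 ok
rcpt to: <dan@localdomain.com>
250 ok
rcpt to: <someone@example.net>
250 ok
"""
AUTH_SESSION = """220 ourmailserver.localdomain.com ESMTP
ehlo localdomain.com
250 AUTH LOGIN PLAIN
auth plain AHVzZXIAcGFzcw==
235 ok, go ahead
mail from: <user@localdomain.com>
250 ok
rcpt to: <someone@example.net>
250 ok
"""
RCPT = re.compile(r"rcpt to:\s*<?([^>\s]+)>?", re.I)

def relayed_recipients(transcript, local_domains, client_ip=None, relay_nets=()):
    """Recipients outside local_domains that the server accepted from a client that
    was neither SMTP-authenticated nor inside one of the permitted relay networks."""
    trusted = client_ip is not None and any(
        ip_address(client_ip) in ip_network(n) for n in relay_nets)
    authenticated, pending, relayed = False, None, []
    for raw in transcript.splitlines():
        line = raw.strip()
        code = line[:3] if line[:3].isdigit() else ""   # server reply code, if any
        m = RCPT.match(line)
        if m:
            pending = m.group(1).lower()      # verdict arrives in the next reply
        elif line.lower().startswith("auth "):
            pending = "AUTH"                  # 334 challenges keep this exchange open
        elif pending == "AUTH" and code:
            authenticated |= code == "235"
            pending = "AUTH" if code == "334" else None
        elif pending and code:                # the reply to the pending RCPT TO
            domain = pending.rpartition("@")[2]
            if code.startswith("25") and domain not in local_domains \
                    and not (authenticated or trusted):
                relayed.append(pending)
            pending = None
    return relayed
```

Run it over a session recorded against your own server: an empty result for an unauthenticated client outside the relay list means the relay rule is holding.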