
Mail Server Concerns!

Discussion in 'Networks & Internet Connectivity' started by CoXeY, 3 Aug 2006.

  1. CoXeY

    Hitman

    Joined: 6 Feb 2004

    Posts: 689

    Location: Herts

    In times of technical hardship where else would I turn but the OcUK forums!!

    After carrying out a bit of an audit on our mail servers I have found what appears to be a nasty looking security vulnerability!

    Before I go into detail I need to make sure I understand mail server activity correctly, so, in the following example am I correct in thinking that our mail server should accept the [email protected] address for local delivery and relay the message onto another server for the [email protected] address?

    If that is correct then my concern is that it is not going to take a genius to find a valid local address and use it to deliver UCE to numerous CC'd recipients...

    Dan.
     
  2. tolien

    Caporegime

    Joined: 16 May 2003

    Posts: 25,368

    Location: ::1

    It's half correct. There's also the proviso that the message comes from either an authenticated user or an IP on a list.
     
  3. CoXeY

    Hitman

    Joined: 6 Feb 2004

    Posts: 689

    Location: Herts

    Hi tolien - thanks for the reply.

    The server does not require authentication to accept mail from the internet and it seems if a valid mailbox is used in the recipient list it'll deliver mail to the CC's too. However, I would assume that anyone looking to exploit the server in this way is likely to be from a spurious source. So if my brain serves me correctly then enabling reverse DNS lookups on all inbound mail should help prevent the risk.

    If that's the case then my next question is how on earth do I enable reverse DNS on a Qmail server?! :rolleyes:

    Dan.
     
  4. tolien

    Caporegime

    Joined: 16 May 2003

    Posts: 25,368

    Location: ::1

    The version I'm running requires the mail to come from a list of "allowed" IPs, or localhost.
     
    Last edited: 3 Aug 2006
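
The relay rule discussed in this thread (local recipients are accepted from anyone; non-local recipients only for authenticated users or listed IPs) can be modelled per recipient, as in the added example below. It is not code from any poster or from qmail; the domain, the networks and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample policy; every value here is an assumption for illustration.
LOCAL_DOMAINS = {"example.org"}            # domains this server delivers locally
RELAY_NETWORKS = [ipaddress.ip_network(n)  # the "allowed" IPs, plus localhost
                  for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]


def may_relay(client_ip, authenticated):
    """True if this client is trusted to send mail on to non-local domains."""
    addr = ipaddress.ip_address(client_ip)
    return authenticated or any(addr in net for net in RELAY_NETWORKS)


def rcpt_decision(client_ip, authenticated, recipient):
    """Decide a single RCPT TO on its own merits."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "accept-local"          # anyone on the internet may mail local users
    if may_relay(client_ip, authenticated):
        return "accept-relay"          # trusted client, forward to the remote server
    return "reject-relay-denied"       # untrusted client asking for a relay


def session(client_ip, authenticated, recipients):
    """Apply the rule to each recipient of one message independently.

    A valid local address among the recipients does not unlock relaying
    for the others: each address is accepted or rejected separately.
    """
    return {r: rcpt_decision(client_ip, authenticated, r) for r in recipients}


if __name__ == "__main__":
    # Constructed case: unknown internet host, one local and one external recipient.
    rcpts = ["user@example.org", "cc@example.net"]
    for rcpt, verdict in session("203.0.113.5", False, rcpts).items():
        print(f"{rcpt:20} {verdict}")
```

A server that returns the relay verdict for the external address in the constructed case above is behaving as an open relay.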