Please try this on your mail server. I have already tried it on many
servers, including postfix and sendmail. All are vulnerable.
telnet mailhost 25
mail from: <>
rcpt to: user@mailhost
the important things are -
1. the mail from address is blank: <>
2. the rcpt to addresses are within the mail servers domains so relay is
not a problem
This allows spammers to send mail using a null return address. In the
mail, the address gets translated to MAILER-daemon.
To fix it in sendmail, go down to ruleset 3, search for a line that
starts with R<>
It should look like this:
R<> $@ < @ > MAIL FROM:<>
change it to this:
R<> $#error $@ 5.1.3 $: "User address required"
That should block anonymous senders.
Any idea why this is allowed (there is a special rule to allow it) at
Repel them. Repel them. Induce them to relinquish the spheroid.
- Indiana University fans' chant for their perennially bad football team
Visit my webpage at http://www.ncst.ernet.in/~philip/
Read my writings at http://www.ncst.ernet.in/~philip/writings/
MSN philiptellis Yahoo! philiptellis