[CentOS] sendmail security-with example

Thu Sep 21 04:38:17 UTC 2006
abhishek singh <abhishek.rhce at yahoo.co.in>

I have never opened telnet. OK, my xinetd service is
off, so there is no telnet service. I am doing telnet
from outside to port 25 on my mail server, and there is
proper SMTP authentication enabled on the server. The
problem is that any user (non-existing) with my domain can
send mail to my real domain users.
Below is an example.

##EXAMPLE 1>

telnet 192.168.1.4 25
220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED mail.domain.com
ehlo domain.com
250-mail.domain.com Hello [192.168.1.5], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FROM:<axy@domain.com>
250 2.1.0 <axy@domain.com>... Sender ok
RCPT TO:<abhi@domain.com>
250 2.1.5 <abhi@domain.com>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
this is bad
.
250 2.0.0 k8L4I0FL004621 Message accepted for delivery
quit
221 2.0.0 mail.domain.com closing connection
####################################################
EXAMPLE-2

telnet 192.168.1.4 25
220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED mail.domain.com
ehlo domain.com
250-mail.domain.com Hello [192.168.1.5], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FROM:<alex@mai.com>
250 2.1.0 <alex@mai.com>... Sender ok
RCPT TO:<abhi@domain.com>
250 2.1.5 <abhi@domain.com>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
hjsdhkjhdfkjhsdkf
sfdkdkfjdkg
.
250 2.0.0 k8L4LUMY004822 Message accepted for delivery
quit
221 2.0.0 mail.domain.com closing connection


Connection to host lost.


In the above examples you can see that in the 1st example the
sender (xyz) is not a real user of my domain; still he
is able to send mail to my real users (abhi).

In the second scenario the sender is able to send mail by
forging the domain name, using any domain, to my domain users.

I have replaced my real domain name with domain.com,
and I can do the same thing from outside the network. In
my /etc/mail/access file only 127.0.0.1 is allowed.

When I try to send mail to another domain, relaying is
denied, which means my mail server is not an open
relay.

Please help me.






Abhishek Kr. Singh
System Administrator
DSC. LTD.
Mob.No. +91-9871563248
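The following is an added example, not code from the post above or from sendmail itself. It models the RCPT-time decision seen in the two transcripts as a plain Python function, so the gap is visible: the access map decides who may relay, but says nothing about who may claim a sender address in the local domain. The site settings (local domain domain.com, relay allowed only from 127.0.0.1) are assumptions patterned on the post; the TRUSTED_SENDER_NETS list and the scenario names are hypothetical.

```python
"""Model of the sendmail behaviour in the post, and of the missing check.

default_rcpt  - what the post shows: any MAIL FROM is accepted for a local
                recipient; only relaying is gated by AUTH / access map.
hardened_rcpt - adds a rule: a sender in one of our own domains must have
                authenticated (or come from a trusted source).
All site values below are assumptions patterned on the post.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, Iterable, Tuple

LOCAL_DOMAINS = {"domain.com"}               # domains this host accepts mail for
RELAY_NETS = [ip_network("127.0.0.1/32")]    # the post's /etc/mail/access RELAY entry
# Hardened policy only: sources allowed to use a local sender without AUTH,
# e.g. a webmail frontend on the same box. Assumption, not from the post.
TRUSTED_SENDER_NETS = [ip_network("127.0.0.1/32")]


@dataclass
class Session:
    client_ip: str
    authenticated: bool = False  # True once SMTP AUTH succeeded on this connection


def domain_of(addr: str) -> str:
    """Domain part of an envelope address, lower-cased; '' for the null sender <>."""
    addr = addr.strip("<>")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def in_nets(ip: str, nets: Iterable) -> bool:
    a = ip_address(ip)
    return any(a in n for n in nets)


Policy = Callable[[Session, str, str], str]


def default_rcpt(sess: Session, mail_from: str, rcpt_to: str) -> str:
    """The behaviour seen in the post. Any MAIL FROM is accepted for a local
    recipient; only delivery to a non-local recipient (relaying) requires
    AUTH or an allowed source address. mail_from is never consulted."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "250 2.1.5 Recipient ok"
    if sess.authenticated or in_nets(sess.client_ip, RELAY_NETS):
        return "250 2.1.5 Recipient ok"
    return "550 5.7.1 Relaying denied"


def hardened_rcpt(sess: Session, mail_from: str, rcpt_to: str) -> str:
    """Adds the missing check: a sender claiming one of our own domains must
    have authenticated or come from a trusted source. MAIL FROM is a free-form
    claim; SMTP AUTH (or the source address) is the only identity we hold."""
    if domain_of(mail_from) in LOCAL_DOMAINS and not (
        sess.authenticated or in_nets(sess.client_ip, TRUSTED_SENDER_NETS)
    ):
        return "550 5.7.1 Local sender address requires authentication"
    return default_rcpt(sess, mail_from, rcpt_to)


# Constructed scenarios: the post's two examples, the relay test the poster
# mentions, and two legitimate sessions the hardened rule must not break.
SCENARIOS: Dict[str, Tuple[Session, str, str]] = {
    "ex1_forged_local_sender":
        (Session("192.168.1.5"), "<axy@domain.com>", "<abhi@domain.com>"),
    "ex2_forged_foreign_sender":
        (Session("192.168.1.5"), "<alex@mai.com>", "<abhi@domain.com>"),
    "relay_attempt":
        (Session("192.168.1.5"), "<alex@mai.com>", "<bob@other.example>"),
    "auth_user_sending_out":
        (Session("192.168.1.5", authenticated=True), "<abhi@domain.com>", "<bob@other.example>"),
    "localhost_webmail":
        (Session("127.0.0.1"), "<abhi@domain.com>", "<abhi@domain.com>"),
}


def verdicts() -> Dict[str, Tuple[str, str]]:
    """(default, hardened) RCPT reply for every scenario."""
    return {
        name: (default_rcpt(s, f, t), hardened_rcpt(s, f, t))
        for name, (s, f, t) in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, (before, after) in verdicts().items():
        print(f"{name:28} default: {before:28} hardened: {after}")
```

Two things the model makes explicit. First, the hardened rule closes example 1 (a forged local sender from an unauthenticated session is refused) while leaving authenticated users and the trusted localhost source untouched. Second, it does nothing for example 2: alex@mai.com is not a domain the server is responsible for, so the server cannot know on its own whether that sender is forged; rejecting that class of mail needs sender-domain verification on the receiving side (SPF and similar), which is a separate control. In real sendmail the equivalent decision lives in the check_mail / check_rcpt rulesets and the access map, and exempting authenticated clients involves the ${auth_authen} macro; take the exact syntax from sendmail's cf/README, not from this model.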

