[CentOS] sendmail security-with example

Alexander Dalloz ad+lists at uni-x.org
Thu Sep 21 11:21:41 UTC 2006


abhishek singh schrieb:

>i have never opened telnet ok , my xinetd service is
>off so there is no telnet service , i m doing telnet
>to outside to 25 port on my mail server and there is
>proper smtp authentication  enabled on server , the
>problem is anyuser (non-existing) with my domain can
>send mail to my real domain users.
>  
>
I answered you regarding this question. Didn't you understand it?

>below is example........
>
>##EXAMPLE 1>
>
>telnet 192.168.1.4 25 
>220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED 
>  
>
Hell, why do you violate the RFCs? Please do not change things like this 
if you don't know what harmful things you do. Please read RFC821 
<http://www.DNSstuff.com/pages/rfc821.htm> 4.3 (and RFC2821 
<http://www.dnsreport.com/tools/rfc.ch?detail=2821> 4.3.1).

>In above example u can see in the 1st example the
>sender(xyz) is not real user of my domain , still he
>is able to sendmail to my real users (abhi).
>  
>
http://www.sendmail.org/~ca/email/fake.html

>In second scenario sender is able to send mail by
>forging domain name by any domain to my domain users.
>  
>
Faking sender information is as easy as that 4 year old kids can do so. 
Why do you wonder about that? This is how (E)SMTP works. You can dislike 
it, but that's the technical state.
To reject true fantasie sender domains just comment in sendmail.mc the line

FEATURE(`accept_unresolvable_domains')dnl

>Abhishek Kr. Singh
>
Alexander






More information about the CentOS mailing list