Firewall Wizards mailing list archives
Raptor 6.0[1] SMTP-Proxy - Anti-Relay bug
From: "Holger Heimann" <hh () it-sec de>
Date: Fri, 28 May 1999 10:15:52 +0200
28 May 1999.

I get back to an issue we mentioned here some two weeks ago, concerning a bug in the Raptor 6.0 and 6.01 Firewall.

Description:
------------
The Raptor 6.0 and 6.01 SMTP-Proxy's anti-relay mechanism does not work properly for some UUCP-style addresses. Even with a correctly set "Recipient Domain" in the "SMTP Rules Properties" tab, an outside user can use the internal Mail-Transfer-Agent (MTA) to send e-mails to the internet ("Relaying"). This is at least true for one particular UUCP-style e-mail addressing nomenclature, provided the internal MTA is capable of handling those styles (which is in turn at least true for probably all flavours of sendmail).

AXENT's Response:
-----------------
We explained the details to AXENT/Raptor, who (unexpectedly) replied almost immediately (appreciated). AXENT confirmed the problem and announced that they will fix it with the next patch.

What can happen?
----------------
Your mail server may be misused as a relay for distributing (many, many) e-mails to the internet. This would happen at your expense regarding cost and reputation (depending on the content).

Since this particular kind of addressing scheme is obviously not handled in the Raptor's SMTP-proxy (read: "probably passed through"), it might be possible to exploit potential vulnerabilities in the MTA this way also. However, we do not have any knowledge whether there are related vulnerabilities in sendmail and other MTAs or not, so this is (for the moment) theoretical.

How do I know?
--------------
We refrained from offering an online check via WWW since it could easily be misused. We also do not want to give the complete SMTP dialog here for a simple reason: we want to keep script-kiddies from playing around - the bad guys know what to do, anyway. (But we are sure that somebody will post it to prove his/her knowledge, anyway.) So, ask your local Firewall guru to check the problem for you.

What to do?
-----------
If you are really concerned about the problem, reconfigure your MTA as far as this is possible. Sendmail can be configured against relaying, other MTAs probably can also. You have to read the documentation. (Note that this is not the solution. It's the Firewall's part to handle such problems!)

The second option is to just wait for the next Raptor patch from AXENT.

If you are paranoid, you may also stop all inbound SMTP traffic, but this would probably be inadequate, depending on your policy.

With best regards
Holger Heimann
hh () it-sec de

---------------------------------------------------------------------------
Online NETBIOS Vulnerability Check: http://www.it-sec.de/vulchk.html
---------------------------------------------------------------------------
ibh - Ingenieurbuero Heimann
  o Security in information technology
  o Data protection
  o Software technology
Phone : +49-(0)731-93579-200
Fax   : +49-(0)731-93579-111
EMail : info () it-sec de
URL   : http://www.it-sec.de
Sedanstr. 10, D-89077 Ulm
Postfach: 2908, D-89019 Ulm
---------------------------------------------------------------------------
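A recipient check that compares only the domain after "@" can accept an address that the MTA behind it then routes somewhere else. The sketch below is an added example, not code from Raptor, AXENT or the author of the message, and it goes beyond the single case in the advisory (which does not say which addressing form is affected) by refusing every routed form before the domain comparison. `ALLOWED_DOMAINS`, the function names and the sample addresses are assumptions.

```python
# Added example: conservative anti-relay check for SMTP RCPT TO paths.
# ALLOWED_DOMAINS and the sample addresses are constructed assumptions.
ALLOWED_DOMAINS = frozenset({"example.com"})
ROUTING_OPERATORS = "!%"  # UUCP bang path and the "percent hack"


def check_rcpt(forward_path, allowed=ALLOWED_DOMAINS):
    """Return (accept, reason) for one RCPT TO forward-path."""
    path = forward_path.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1].strip()
    if not path:
        return False, "empty path"
    if path.startswith("@"):
        # RFC 821 source route: @hop1,@hop2:user@domain
        return False, "source route"
    if any(op in path for op in ROUTING_OPERATORS):
        # The MTA behind the proxy may re-route on these, so the
        # domain after "@" is not necessarily the real destination.
        return False, "routing operator in address"
    if path.count("@") != 1:
        return False, "not a single user@domain address"
    local, domain = path.split("@")
    domain = domain.rstrip(".").lower()
    if not local or domain not in allowed:
        return False, "recipient domain not served here"
    return True, "ok"


def filter_rcpts(paths, allowed=ALLOWED_DOMAINS):
    """Split recipients into accepted and rejected-with-reason lists."""
    accepted, rejected = [], []
    for p in paths:
        ok, reason = check_rcpt(p, allowed)
        (accepted if ok else rejected).append((p, reason))
    return accepted, rejected


if __name__ == "__main__":
    samples = [  # constructed recipients, not taken from the advisory
        "<alice@example.com>",
        "<bob@EXAMPLE.COM.>",
        "<carol@example.net>",
        "<example.net!dave@example.com>",
        "<erin%example.net@example.com>",
        "<@example.com:frank@example.net>",
    ]
    for rcpt in samples:
        print(rcpt, check_rcpt(rcpt))
```

Rejecting routed forms outright is stricter than rewriting them; a site that still depends on UUCP-style delivery would need an explicit allow list instead.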