Security Basics mailing list archives

FW: (REPOST) Sendmail 8.11 configuration/security issue


From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Mon, 6 Jan 2003 16:02:04 -0500

Our moderator shot down my original post.  So here's a slightly more G-rated version.

-----Original Message-----
From: Keith T. Morgan 
Sent: Sunday, January 05, 2003 9:55 PM
To: john65 () pobox com; security-basics () securityfocus com
Subject: RE: Sendmail 8.11 configuration/security issue


<snip>
(What if
mary () xyz com wants to use her xyz.com return address when she's sending
mail from home to joe () xyz com via her local ISP dialup -- Why would you
want to block that?) What's the difference if incoming spam has one
forged address or another anyway? It's still spam!

'Switching to Postfix', using a 'content security gateway,' or 'TLS' are
not going to solve this problem (forging of email headers).
<snip>

You are in error, sir.  Please check out the feature sets of eSafe Content Security Gateway, Network Associates' security gateway and others.  eSafe for example does indeed check that email originates on the correct interface for local users. I found out that the Network Associates CSG does the exact same thing on a penetration test just last week when the customer explicitly asked me to attempt to send a false directive in email by spoofing the sender's address to an executive's address.  Not only do the content security gateways address this issue, but Postfix addresses it specifically.  SSL/TLS would be an encryption mechanism protecting client authentication, which would also defeat this problem if auth were required to send mail.


The problem as I understand it:

A spammer masquerading as fakeuser () yourdomain com connects to mail.yourdomain.com and sends a message to any recipient.  Additionally, this would be a way for an attacker to send false business directives, bogus or misleading communications etc. by pretending to be a member of your organization.  (Yes, I know about digital signatures, and 90% of the organizations out there don't use them, nor do people look at headers as a rule.)


All of the listed solutions prevent "spoofing" of internal email addresses by external resources.  Authentication (via SSL/TLS) solves the problem of the road warrior using a dialup somewhere. Postfix has a specific configuration parameter limiting *@yourdomain.com to sending from a specific network.

<snipped per moderator's suggestion/requirement>
Here's some FM to R.

ftp://ftp.ealaddin.com/pub/manuals/esg/esg3.x/econsole_admin.pdf
See page 113, the sections on "ANTI SPOOFING" and "ANTI RELAY", which talk about how to do EXACTLY what you claim it won't do.

Also see:
http://www.postfix.org/basic.html#mydomain
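As an added example (not part of the original post, and not text from the Postfix documentation), this is how the Postfix restriction described above is expressed in main.cf together with the access table it references. The domain example.com, the network 192.0.2.0/24 and the path /etc/postfix/sender_access are placeholders assumed for the example.

```conf
# /etc/postfix/main.cf (assumed path; domain and network are placeholders)
mydomain   = example.com
myhostname = mail.example.com

# Hosts allowed to submit mail as *@example.com without authenticating:
# loopback plus the office LAN (placeholder range).
mynetworks = 127.0.0.0/8, [::1]/128, 192.0.2.0/24

# The road warrior on an ISP dialup authenticates instead (SASL, TLS only).
smtpd_sasl_auth_enable   = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only      = yes

# Evaluated in order at MAIL FROM.  Clients on mynetworks and authenticated
# clients are permitted before the access table is consulted; anyone else
# who claims an envelope sender in example.com hits the REJECT entry below.
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access,
    permit

# /etc/postfix/sender_access (assumed path; build the hash table with:
#   postmap /etc/postfix/sender_access
# and reload Postfix afterwards).
# check_sender_access tries the full address first, then the domain; with the
# default parent_domain_matches_subdomains setting, subdomains match as well.
example.com   REJECT envelope sender claims example.com from outside our network
```

After `postmap`, `postmap -q example.com hash:/etc/postfix/sender_access` should print the REJECT entry, and a client outside mynetworks sending `MAIL FROM:<anyone@example.com>` without authenticating is refused at that command while the same user authenticating over TLS is accepted. This acts on the SMTP envelope sender only; a forged From: header carried by a foreign envelope address is not caught by it.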
