Bugtraq mailing list archives
Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)
From: "Ram'on Reyes Carri'on" <ramon () cimat mx>
Date: Fri, 6 Jul 2001 09:54:01 -0500 (CDT)
Hi! Yes it is true! It works, with a small change in the example to match the string in my script (I had to customize it initially). A quick workaround that I have just applied is to make sure that the string does not contain /sendmail/ so it cannot be injected into syslog via sendmail (may be injected some other way!). Hope this helps while, a better solution is suggested. Regards, Ramon. On Tue, 3 Jul 2001, Andrea Barisani wrote:
Hi to all,
[...]
The syslog string searched by the script is in this form for the qpop server /POP login by user \"[\-\_\w]+\" at \(.+\) ([0-9]\.]+)/) On some cobalt raq3 servers (with the poprelayd add-on packet installed ) and in general on any system running the poprelayd script with sendmail is possible to "inject" this string in the syslog using sendmail logging. So anyone can insert a fake string with his own IP wich will be parsed by poprelayd and that will permit the use of sendmail as a relay.
[...] ----------------------------------------------------------------------------- CIMAT Ramon Reyes Carrion Apdo. Postal 402 e-mail:ramon () cimat mx 36000 Guanajuato, Gto. Tel (52) (473) 27155 Ext 49571 MEXICO Fax (52) (473) 25749. http://www.cimat.mx/
Current thread:
- poprelayd and sendmail relay authentication problem (Cobalt Raq3) Andrea Barisani (Jul 04)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Will DeHaan (Jul 09)
- <Possible follow-ups>
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Ram'on Reyes Carri'on (Jul 06)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Christopher X. Candreva (Jul 07)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Chris Adams (Jul 09)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Todd R. Eigenschink (Jul 09)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) bdoctor (Jul 09)
- Re[2]: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Christoph Kuhles (Jul 09)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Jason Clifford (Jul 09)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Walter Reed (Jul 09)
- Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Christopher X. Candreva (Jul 07)
- Re: poprelayd and sendmail relay authentication problem Ed Ravin (Jul 07)