Full Disclosure mailing list archives
Re: Strange from address
From: "Akos Szalkai" <szalkai () 2fkft com>
Date: Fri, 10 Oct 2003 14:27:03 +0200
Hi James,
If you insert the following string into the mail from: field #@[] it appears to by pass the mx check and replys ok.
if you read the qmail manpages (addresses(5) specifically), you can see that this a qmail extension: this is the envelope sender of a double bounce. What I fail to see however, is that how it can be a security problem. It is not very difficult to generate envelope senders that pass your mx check anyway. Regards, Akos -- Akos Szalkai <szalkai () 2f hu> IT Consultant, CISA 2F 2000 Szamitastechnikai es Szolgaltato Kft. Tel: (+36-1)-4887700 Fax: (+36-1)-4887709 WWW: http://www.2f.hu/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- strange from address James Devine (Oct 07)
- Re: strange from address Sebastian Niehaus (Oct 07)
- <Possible follow-ups>
- Re: Strange from address Akos Szalkai (Oct 10)