Vulnerability Development mailing list archives
NTmail exploit
From: "Geo." <georger () nls net>
Date: Mon, 18 Sep 2000 08:51:35 -0400
I saw someone report an exploit for NTmail version 3 and just wanted to post that it's possible to use this againt NTmail version 5e and 5g as well. Basically the exploit is this, NTmail has a "local mail only" feature where either the from or to address must be a locally hosted address. This feature is totally broken in that if you use mail from; <-note semi-colon instead of colon NTmail will pass the mail with a non-local TO address and in doing so totally hoses up the from address. What this means is that every NTmail server on the net that is not limited by an IP address range is a wide open relay. Cure: Open the web configuration interface, go to "incoming" then to the "redirect" tab and add a new rule. In the "mail clause" field type in "from;*" without the quotes and then set it to either refuse or redirect the mail as you like. I tried to post this to the NTmail support list but it is a moderated list and Gordano refuses to allow the message to pass in order to warn all NTmail admins. So I'm posting this to the security lists in order to get notification of the exploit and at least one possible fix out to as many people as possible. I'm still talking to Gordano but at this time it doesn't look like they are going to fix this. Geo.
Current thread:
- NTmail exploit Geo. (Sep 18)
- <Possible follow-ups>
- Re: NTmail exploit John Stanners (Sep 19)