Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2

[daniele () ORLANDI COM (Daniele Orlandi)]

Matt Dunn wrote:
> Actually, the default install of 8.9.3 does NOT in and of itself fix this
> problem. I'm looking into the rulesets that will specifically handle this.

The vulnerable rules seem to be the ones from Claus Aussman and many derived
from them, including a set of rules I wrote by myself.
I fixed them by replacing the part which checks for a local recipient with the
more complex set from RedHat 6.0 that appears to take care of dequoting the
recipient address.

I hope this could be of help for users of home-made rules.

# remove local part, maybe repeatedly
R$*<@$=w.>$*                    $>3 $1 $3
# If you want to use RelayTo uncomment the following line
R$*<@$*$={RelayTo}.>$*          $>3 $1 $4
R$*<@$+>$*                      $#error $@ 5.7.1 $: "571 Relay denied"

--------------------Replace with:

# remove local part, maybe repeatedly
R$+                             $:$>removelocal $1
# still something left?
R$*<@$+>$*                      $#error $@ 5.7.1 $: "571 Relay denied"

Sremovelocal
# remove RelayTo part (maybe repeatedly)
R$*<@$*$={RelayTo}.>$*          $>3 $1 $4
R$*<@$=w.>$*                    $: $>removelocal $>3 $1 $3
R$*<@$*>$*                      $@ $1<@$2>$3
# dequote local part
R$-                             $: $>3 $(dequote $1 $)
R$*<@$*>$*                      $: $>removelocal $1<@$2>$3

Bye!

--
 Daniele

-------------------------------------------------------------------------------
 Daniele Orlandi - Utility Line Italia
 Via Mezzera 29/A - 20030 - Seveso (MI) - Italy
-------------------------------------------------------------------------------