Bugtraq mailing list archives

Re: I found this today and iam reporting it to you first!!! (fwd)

From: dulitz () VALLEYTECH COM (Daniel W. Dulitz x108)
Date: Mon, 6 Sep 1999 17:12:31 -0400


[ We're veering into technical mail stuff, so this will be my last
  cc: to Bugtraq. ]

Bret Watson writes:

Exactly... however - many mail servers _are_ misconfigured. especially
those using an external-internal relay...


Preventing infinite error bouncing is not terribly difficult to begin
with, and it's no more or less difficult on a boundary relay than it
is on an ordinary MX relay.  It takes quite a bit of work to
misconfigure sendmail or qmail so that they will cause mail loops for
bounce messages.  Remember that the original claim was:

basically find two sites whose FW is conf'd to accept all mail and forward
it to the real mailserver. If this mailserver bounces invalid addresses
then you're on your way...


And that's just wrong, as was the original suggestion that the problem
is caused by delayed error notification.  The problem is caused by a
difficult-to-accomplish misconfiguration: either (a) the Return-Path
header was incorrectly set, or (b) the bounce message was sent with a
non-null envelope address.

Best,
daniel dulitz

Current thread:

I found this today and iam reporting it to you first!!! (fwd) Alfred Huger (Aug 30)
- <Possible follow-ups>
- Re: I found this today and iam reporting it to you first!!! (fwd) blue0ne (Sep 02)
- Re: I found this today and iam reporting it to you first!!! (fwd) Technical Incursion Countermeasures (Sep 02)
  - [SECURITY] TenFour TFS SMTP 3.2 Buffer Overflow Christophe Lesur (Sep 02)
  - SCO 5.0.5 /bin/doctor local root comprimise Brock Tellier (Sep 03)
    - Re: SCO 5.0.5 /bin/doctor local root comprimise Seth R Arnold (Sep 08)
  - Re: I found this today and iam reporting it to you first!!! (fwd) Peter van Dijk (Sep 04)
  - Re: I found this today and iam reporting it to you first!!! (fwd) Daniel Dulitz (Sep 04)
    - Re: I found this today and iam reporting it to you first!!! (fwd) Bret Watson (Sep 07)
    - Re: I found this today and iam reporting it to you first!!! (fwd) Daniel W. Dulitz x108 (Sep 06)
  - Re: I found this today and iam reporting it to you first!!! (fwd) Wietse Venema (Sep 04)
    - Re: I found this today and iam reporting it to you first!!! (fwd) Alan Brown (Sep 07)
  - Re: I found this today and iam reporting it to you first!!! (fwd) Jamie A. Lawrence (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bret Watson (Sep 07)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bill Royds (Sep 07)