Bugtraq mailing list archives
Re: I found this today and iam reporting it to you first!!! (fwd)
From: Bill_Royds () PCH GC CA (Bill Royds)
Date: Tue, 7 Sep 1999 11:33:24 -0400
The real problem is defining a "Notification message". Every mail server seems to define its notification messages differently. Supposedly notifications come from envelope sender <> so the format shouldn't matter. But so many systems refuse mail from <> with a notification message of their own that the loops keep piling up. To avoid these systems, some sysadmins configure messages as coming from MAILER-DAEMON or postmaster which gets regular error messages back to sender but increases a chance of an email loop. The worst offenders seem to be the coporate email systems such as Notes and Groupwise that were originally developed with only internal usage. They have had SMTP grafted on to them in a rather kludgey way. I had 25MB of postmaster messages this morning from mail loops that only ended when the messages ran over our 6MB email size limit. An internal Notes server lost connectivity to another server. Instead of queuing the messages it returned a non-standard format error message to sender which was refusing <> errors, sending them back. :-) Bret Watson <ticm () POP SOFTHOME NET> on 07/09/99 04:24:00 AM Please respond to Bret Watson <ticm () POP SOFTHOME NET> To: BUGTRAQ () SECURITYFOCUS COM cc: (bcc: Bill Royds/HullOttawa/PCH/CA) Subject: Re: I found this today and iam reporting it to you first!!! (fwd) Exactly... however - many mail servers _are_ misconfigured. especially those using an external-internal relay...
Sit back and watch absolutely nothing happen, unless both mailers are misconfigured. Even the venerable RFC821 (http://www.faqs.org/rfcs/std/std10.html) notes that: Of course, server-SMTPs should not send notification messages about problems with notification messages.
Technical Incursion Countermeasures consulting () TICM COM http://www.ticm.com/ voice mail/fax: (+65)459 6373(UTC+8 hrs) The Insider - a e'zine on Computer security Call for papers Vol 3 Issue 2 http://www.ticm.com/info/insider/index.html
Current thread:
- SCO 5.0.5 /bin/doctor local root comprimise, (continued)
- SCO 5.0.5 /bin/doctor local root comprimise Brock Tellier (Sep 03)
- Re: SCO 5.0.5 /bin/doctor local root comprimise Seth R Arnold (Sep 08)
- Re: I found this today and iam reporting it to you first!!! (fwd) Peter van Dijk (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Daniel Dulitz (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bret Watson (Sep 07)
- Re: I found this today and iam reporting it to you first!!! (fwd) Daniel W. Dulitz x108 (Sep 06)
- SCO 5.0.5 /bin/doctor local root comprimise Brock Tellier (Sep 03)
- Re: I found this today and iam reporting it to you first!!! (fwd) Wietse Venema (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Alan Brown (Sep 07)
- Re: I found this today and iam reporting it to you first!!! (fwd) Jamie A. Lawrence (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bret Watson (Sep 07)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bill Royds (Sep 07)