Full Disclosure mailing list archives
Another NTmail exploit
From: "Geoincidents" <geoincidents () getinfo org>
Date: Sat, 23 Nov 2002 11:16:39 -0500
GMS (what used to be called NTmail) has a filtering feature called "rwords" that allows you to block incoming email based on word or phrase. If you add a phrase to the rwords list then no email with that phrase should be delivered to your users. Likewise if you add a virus signature this feature can be used to block email virus.
From anywhere in the world try the following (replace rwords and the
addresses then cut and paste this into a command prompt if you like): telnet mail.targetmailserver.com 25 helo bob mail from:targetuser () targetmailserver com rcpt to:targetuser () targetmailserver com data From:targetuser () targetmailserver com To:targetuser () targetmailserver com Subject:delivery test this is a test rwords go here . quit Now go check that mailbox, rwords filtered email should not have been delivered to it but there it is.. complete with virus or whatever else you were trying to filter. This makes it trivial for anyone to bypass rwords type filters. If your boss tells you to filter out emails requesting a r e s u m e from employees then I could easily send your boss an email requesting his. Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Euan Briggs / Stripey Euan Briggs (Nov 23)
- Another NTmail exploit Geoincidents (Nov 23)