Full Disclosure mailing list archives

Re: Apparently the practice was prevalent


From: Martin Mačok <martin.macok () underground cz>
Date: Wed, 11 Feb 2004 13:17:00 +0100

On Wed, Feb 11, 2004 at 10:23:32AM -0000, John.Airey () rnib org uk wrote:

In fact, RFC 2822 which obsoletes RFC 822 doesn't even mention
relays.

Of course. It also doesn't mention space ships. It's just about
something else. It has nothing to do with "email relaying".

What do space ships have to do with this discussion? There's no
mention of them in RFC 822, so this is hardly relevant.

RFC 822 has nothing to do with SMTP, relaying, or space ships. That is
what those things have in common.

The right one is RFC 2821. See the quote of "Relaying" part from
my previous post.

2821 supersedes 821, which also implies you should have open relays.

Again, not true. See section "Relaying" in RFC 2821 (quoted in one of my
previous posts).

Next time, please, quote the text from the RFC you are referring to.

It states that you should have EXPN enabled.

Really?

RFC 2821

7.3 VRFY, EXPN, and Security

   As discussed in section 3.5, individual sites may want to disable
   either or both of VRFY or EXPN for security reasons.

[..]

Is there any RFC that specifies that open relays are a bad idea?

Do not expect that there is an RFC for every bad idea around ...

Which basically means that anything not strictly allowed isn't.

No, I don't think so.

No you can't. I also found RFC 2505 after sending my mail, however it still
mentions nothing about open relays.

RFC 2505

2.1. Restricting unauthorized Mail Relay usage

[..]

   Instead, the MTA MUST be able to authorize Mail Relay usage based on
   a combination of:

   o   "RCPT To:" address (domain).
   o   SMTP_Caller FQDN hostname.
   o   SMTP_Caller IP address.

   The suggested algorithm is:

   a)  If "RCPT To:" is one of "our" domains, local or a domain that
       we accept to forward to (alternate MX), then accept to Relay.

   b)  If SMTP_Caller is authorized, either its IP.src or its FQDN
       (depending on if you trust the DNS), then accept to Relay.

   c)  Else refuse to Relay.

[..]

In other words, "do not have open relays".

Martin Mačok

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
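
The relay authorization algorithm from RFC 2505 section 2.1 quoted in the message above, written out as an added Python example (not part of the original post and not any MTA's own code). The domains, networks and FQDN suffix are constructed placeholders, and treating anything other than a plain local@domain recipient as "not ours" is this example's own conservative choice.

```python
import ipaddress

# Constructed policy values (assumptions for this example only).
OUR_DOMAINS = {"example.org", "lists.example.org"}   # local and alternate-MX domains
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]
TRUSTED_FQDN_SUFFIX = ".clients.example.org"


def rcpt_domain(rcpt_to):
    """Domain of a "RCPT To:" path, lower-cased, or None if not plain local@domain."""
    addr = rcpt_to.strip().strip("<>")
    if addr.count("@") != 1:          # source routes and other odd forms: not "ours"
        return None
    local, domain = addr.split("@")
    domain = domain.rstrip(".").lower()
    return domain if local and domain else None


def relay_decision(rcpt_to, caller_ip, caller_fqdn=None, trust_dns=False):
    """Return (verdict, step) following steps a), b), c) of RFC 2505 section 2.1."""
    # a) recipient is in one of "our" domains
    if rcpt_domain(rcpt_to) in OUR_DOMAINS:
        return ("accept", "a")
    # b) caller authorized by source IP ...
    ip = ipaddress.ip_address(caller_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return ("accept", "b-ip")
    # ... or by FQDN, only when the operator has decided to trust the DNS
    if trust_dns and caller_fqdn:
        if caller_fqdn.rstrip(".").lower().endswith(TRUSTED_FQDN_SUFFIX):
            return ("accept", "b-fqdn")
    # c) everything else, i.e. an outside caller sending to an outside domain
    return ("refuse", "c")


if __name__ == "__main__":
    # Constructed sessions: (RCPT To, caller IP, caller FQDN)
    sessions = [
        ("<user@example.org>", "203.0.113.9", None),
        ("<someone@elsewhere.example>", "192.0.2.44", None),
        ("<someone@elsewhere.example>", "203.0.113.9", "pc1.clients.example.org"),
        ("<@example.org:someone@elsewhere.example>", "203.0.113.9", None),
    ]
    for s in sessions:
        print(s, "->", relay_decision(*s))
```
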

