Third-party mail relaying can be used to obfuscate the origin of emails

smtp-sendmail-relay (210) The risk level is classified as MediumMedium Risk

Description:

Some SMTP servers support third-party or %style mail relaying. Third-party mail relaying occurs when a mail server processes a mail message where neither the sender nor the recipient is local to the server's mail domain.

While third party relaying has some legitimate purposes, such as allowing mail messages to be routed around known mail problems, email hijackers (or spammers) primarily use it to obscure their identity while sending large amounts of junk mail.


Consequences:

Other

Remedy:

Reconfigure your SMTP server to enforce that all mail messages must either originate or terminate locally (on the mail host). Information on how to secure your mail system against relaying is available from the "How Can I Fix the Problem?" document listed in the references.

References:

Platforms Affected:

  • Compaq Tru64
  • Cray UNICOS
  • Data General DG/UX
  • Digital Ultrix
  • HP Apollo Domain OS SR10.3
  • HP ConvexOS
  • HP HP-UX
  • IBM AIX
  • IETF SMTP
  • Linux Kernel
  • Microsoft Windows 2000
  • Microsoft Windows 2003 Server
  • Microsoft Windows NT 4.0
  • Microsoft Windows XP
  • NeXT NeXTSTEP
  • SCO SCO Unix
  • Sendmail Sendmail
  • SGI IRIX
  • Sun Solaris
  • WindRiver BSDOS

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page