Third-party mail relaying can be used to obfuscate the origin of emails

smtp-sendmail-relay (210) The risk level is classified as MediumMedium Risk

Description:

Some SMTP servers support third-party or %style mail relaying. Third-party mail relaying occurs when a mail server processes a mail message where neither the sender nor the recipient is local to the server's mail domain.

While third party relaying has some legitimate purposes, such as allowing mail messages to be routed around known mail problems, email hijackers (or spammers) primarily use it to obscure their identity while sending large amounts of junk mail.

Platforms Affected:

  • Compaq, Tru64
  • Cray, UNICOS
  • Data General, DG/UX
  • Digital, Ultrix
  • HP, Apollo Domain OS SR10.3
  • HP, ConvexOS
  • HP, HP-UX
  • IBM, AIX
  • IETF, SMTP
  • Linux, Kernel
  • Microsoft, Windows 2000
  • Microsoft, Windows 2003 Server
  • Microsoft, Windows NT 4.0
  • Microsoft, Windows XP
  • NeXT, NeXTSTEP
  • SCO, SCO Unix
  • Sendmail, Sendmail
  • SGI, IRIX
  • Sun, Solaris
  • WindRiver, BSDOS

Remedy:

Reconfigure your SMTP server to enforce that all mail messages must either originate or terminate locally (on the mail host). Information on how to secure your mail system against relaying is available from the "How Can I Fix the Problem?" document listed in the references.

Consequences:

Other

References:

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page