ISS X-Force Database: smtp-sendmail-relay(210): Third-party mail relaying can be used to obfuscate the origin of emails

Third-party mail relaying can be used to obfuscate the origin of emails

smtp-sendmail-relay (210)

Medium Risk

Description:

Some SMTP servers support third-party or %style mail relaying. Third-party mail relaying occurs when a mail server processes a mail message where neither the sender nor the recipient is local to the server's mail domain.

While third party relaying has some legitimate purposes, such as allowing mail messages to be routed around known mail problems, email hijackers (or spammers) primarily use it to obscure their identity while sending large amounts of junk mail.

Platforms Affected:

Compaq, Tru64
Cray, UNICOS
Data General, DG/UX
Digital, Ultrix
HP, Apollo Domain OS SR10.3
HP, ConvexOS
HP, HP-UX
IBM, AIX
IETF, SMTP
Linux, Kernel
Microsoft, Windows 2000
Microsoft, Windows 2003 Server
Microsoft, Windows NT 4.0
Microsoft, Windows XP
NeXT, NeXTSTEP
SCO, SCO Unix
Sendmail, Sendmail
SGI, IRIX
Sun, Solaris
WindRiver, BSDOS

Remedy:

Reconfigure your SMTP server to enforce that all mail messages must either originate or terminate locally (on the mail host). Information on how to secure your mail system against relaying is available from the "How Can I Fix the Problem?" document listed in the references.

Consequences:

Other

References:

Anti-Relay: Stop Third-Party Mail Relay, How Can I Fix the Problem? at http://mail-abuse.org/tsi/ar-fix.html.
CIAC Information Bulletin I-005c, E-Mail Spamming countermeasures: Detection and prevention of E-Mail spamming at http://www.ciac.org/ciac/bulletins/i-005c.shtml.
Mail Abuse Protection System (MAPS), MAPS, LLC home page at http://maps.vix.com.
Request for Comment document RFC 2505, Anti-Spam Recommendations for SMTP MTAs at http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2505.html.
Scott Hazen Mueller Web site, Fight Spam on the Internet! at http://spam.abuse.net/.
Sendmail Consortium Web site, Anti-Spam Provisions in Sendmail 8.8 at http://www.sendmail.org/antispam.html.
CVE-1999-0512: A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page