NTMail allows third party mail relaying despite anti-spam settings
| ntmail-relay (2257) |  Medium Risk |
Description:
NTMail provides three levels of anti-spam protection. The first level (and default) prevents all relay of email. NTMail's second level of relay protection contains a vulnerability that allows a remote user to specify a MAIL FROM address of <>, which bypasses NTMail's anti-spam features and allows third party mail relaying. The third level of anti-relay option allows customers to select a completely open server.
Consequences:
Bypass Security
Remedy:
If you are using version 3 of NTMail, select the anti-relay configuration option. Gordano has fixed the second level relay protection in version 4 of NTMail. See References.
References:
- Gordano Ltd. Web site: NTMail.
- NTHELP.COM Web site: NTMail version 3 relay problem.
- CVE-1999-0512: A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.
Platforms Affected:
- Gordano NTMail
- Microsoft Windows 95
- Microsoft Windows NT 4.0
Reported:
Jun 08, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net