Message #12330 of the SIMS@stalker.com mailing list
From: Paul Didzerekis <hostmaster@3-rivers.com>
Subject: Re: Open relay detected within your network
Date: Wed, 8 Jan 2003 08:04:43 -0800
To: SIMS Discussions <SIMS@mail.stalker.com>
Paul, I tried this:

telnet lists.3-rivers.com 25
Trying 63.95.200.2...
Connected to lists.3-rivers.com.
Escape character is '^]'.
220-lists.3-rivers.com Stalker Internet Mail Server V.1.8b9d14 is ready.
220 ESMTP is spoken here. You are welcome
HELO test.mdcclxxvi.com
250 lists.3-rivers.com cannot verify test.mdcclxxvi.com
MAIL FROM:Warren@MDCCLXXVI.com
250 Warren@MDCCLXXVI.com sender accepted
RCPT TO:hostmaster@3-rivers.com
250 hostmaster@3-rivers.com will be relayed to a client.
DATA
354 Enter mail, end with "." on a line by itself
Testing to see if this relays.
.
250 S.0000074461 message accepted for delivery
QUIT
221 lists.3-rivers.com closing connection
Connection closed by foreign host.


mail.3-rivers.com internet address = 63.95.200.5
lists.3-rivers.com internet address = 63.95.200.2


Note that line which says: 250 hostmaster@3-rivers.com will be relayed to a client.

The secondary (lists) views the primary (63.95.200.5) as a client because of your entry in client hosts saying:
63.95.200.1-63.95.200.127

Apparently, this will cause (or allow) relaying *without* the router line:
3-rivers.com = 3-rivers.com.smtp

This line is NOT in your secondary's router now but relaying still takes place because of this "client" status.

This may be the source of the problem.

Dmitry?


Seems to me the existence of the primary server in the client host list of the backup server will allow relaying to a local account on the primary only.

But I think that the addition of the .smtp line in the router on the backup is what opens the system to relaying to anywhere.  It's the combination of the two together, but keep reading.  If that is true, then anyone could set up a SIMS box, add anyone else's SIMS box (yours or mine) to their client host list, and also add that .smtp router line routing from their server to yours, and then they would be able to relay mail through that hijacked server.

If this is true, it is a huge vulnerability that needs to be fixed ASAP.

I have expressed my concerns to Dmitry at Stalker and we will just have to see what he has to say about this.

Thanks,
--
Paul Didzerekis
Owner, Three Rivers Internet
http://www.3-rivers.com or http://www.threeriversinternet.com
Professional website hosting, authoring, & consulting.
       E-commerce using our exclusive EasyCartSystem
FREE website hosting for non-profits at http://nonprofitmac.com/
LOCAL PHONE 946-3163         ******       TOLL FREE 800-426-6646
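The relay decision the thread reasons about, written out as a small model so the effect of the "client hosts" range can be checked. This is an added example, not SIMS code or Paul's; the policy (local domains from anyone, anything else only from client hosts) is a generic backup-MX model, and the domain list and the set of known servers are constructed from the addresses quoted in the message.

```python
import ipaddress

# Constructed from the thread: the backup server's "client hosts" entry,
# the domains the pair of servers accept mail for, and the two servers
# the nslookup output actually names (lists = .2, mail = .5).
CLIENT_HOST_RANGES = ["63.95.200.1-63.95.200.127"]
LOCAL_DOMAINS = {"3-rivers.com", "lists.3-rivers.com", "mail.3-rivers.com"}
KNOWN_SERVERS = {"63.95.200.2", "63.95.200.5"}


def parse_range(spec: str) -> tuple:
    """Parse 'start-end' (or a lone address) into an inclusive (lo, hi) int pair."""
    start, _, end = spec.partition("-")
    lo = int(ipaddress.IPv4Address(start.strip()))
    hi = int(ipaddress.IPv4Address((end or start).strip()))
    if hi < lo:
        raise ValueError(f"range end precedes start: {spec!r}")
    return lo, hi


def is_client(peer_ip: str, ranges=CLIENT_HOST_RANGES) -> bool:
    """True if the connecting peer falls inside any configured client range."""
    ip = int(ipaddress.IPv4Address(peer_ip))
    return any(lo <= ip <= hi for lo, hi in map(parse_range, ranges))


def relay_decision(peer_ip: str, rcpt: str, local_domains=LOCAL_DOMAINS,
                   ranges=CLIENT_HOST_RANGES) -> str:
    """Generic backup-MX policy (a model, not SIMS's own logic): mail for a
    local domain is accepted from anyone, mail for any other domain only
    from client hosts, and everything else is refused as relaying."""
    domain = rcpt.rsplit("@", 1)[-1].strip("<>").lower()
    if domain in local_domains:
        return "accept-local"          # e.g. hostmaster@3-rivers.com in the test above
    if is_client(peer_ip, ranges):
        return "accept-client-relay"   # any destination, because the peer is "a client"
    return "reject-relay"


def excess_client_addresses(ranges=CLIENT_HOST_RANGES, known=KNOWN_SERVERS) -> int:
    """Count addresses the client ranges admit beyond the servers you run.
    Every one of them is a host that may relay anywhere through this server."""
    known_ints = {int(ipaddress.IPv4Address(h)) for h in known}
    admitted = set()
    for lo, hi in map(parse_range, ranges):
        admitted.update(range(lo, hi + 1))
    return len(admitted - known_ints)
```

The session quoted in the message lands in the "accept-local" branch, which a backup MX should do; the number returned by `excess_client_addresses()` is what to drive down to zero.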