Community Discussions and Support
Spam: Multiple recipients with 1 legit address and Mercury forwards the lot

Thanks for your reply, David.

 

I confess I am not sure it happened the way I describe, but it was the only thing that made sense to me at the time.  I will investigate the whitelisted senders and see if I can figure out where it all went wrong.


I noticed a rather serious problem today:

 

My system's set up to block illegitimate mail.  I demand authentication to relay and I greywall, but today a piece of spam came through with one legitimate address for a local user, and about 12 users on other systems in the CC/BCC fields.  Because one user was legit the message was accepted by Mercury, processed, and 12 messages forwarded to other systems.

 

This strikes me as a rather serious security hole, and I really don't know how to stop it.  Any suggestions?


[quote user="NFG"]

My system's set up to block illegitimate mail. I demand authentication to relay and I greywall, but today a piece of spam came through with one legitimate address for a local user, and about 12 users on other systems in the CC/BCC fields. Because one user was legit the message was accepted by Mercury, processed, and 12 messages forwarded to other systems.

[/quote]

I don't want to sound like I'm in denial on this, but I don't think it happened the way you describe it. I can't find any way of getting Mercury to do this in testing here - the non-local addresses always return the "We do not relay with RFC2554 authentication" message when I try it, and I've just tried quite a range of possible combinations.

The only scenario that works here is if the sender is actually authenticated, in which case you have an issue of trust with a specific user rather than a technical problem. A variation on the same problem might happen if you have a connection control entry that specifically allows the connecting machine to relay, but once again, that is a configuration issue rather than a security hole.

If you can show me a session log illustrating a clear case of improper relaying, I'll fix it as a matter of urgency, but I'm pretty confident you won't be able to do that.

Cheers!

-- David --

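The relay check David describes is made once per RCPT TO, not once per message, which is why one local recipient cannot pull a dozen remote ones through. The toy model below is an added illustration of that per-recipient logic; it is not Mercury's code and is not from any post in this thread. The domain, the permitted relay host, the sample recipients and the reply wording are all assumed for the example.

```python
"""Per-recipient SMTP relay check, shown as a toy model.

Illustrative code, not Mercury's implementation. Each RCPT TO is judged
on its own: a recipient is accepted when its domain is local, or when the
whole session may relay because the client authenticated (RFC 2554 AUTH)
or connects from a host explicitly permitted to relay. One accepted local
recipient therefore cannot drag remote recipients through with it.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

LOCAL_DOMAINS = {"example.org"}          # assumed: the server's own domain
RELAY_ALLOWED_HOSTS = {"192.0.2.10"}     # assumed: a connection-control entry


@dataclass
class Session:
    peer_ip: str
    authenticated: bool = False
    accepted: List[str] = field(default_factory=list)
    rejected: List[str] = field(default_factory=list)


def is_local(addr: str) -> bool:
    """True when the recipient's domain is one this server delivers for."""
    return addr.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS


def may_relay(session: Session) -> bool:
    """True when the session as a whole is permitted to relay outward."""
    return session.authenticated or session.peer_ip in RELAY_ALLOWED_HOSTS


def rcpt_to(session: Session, addr: str) -> str:
    """Reply to one RCPT TO; the decision depends only on this recipient."""
    if is_local(addr) or may_relay(session):
        session.accepted.append(addr)
        return "250 OK"
    session.rejected.append(addr)
    return "550 Relaying denied: authenticate first"   # wording is illustrative


def run_session(peer_ip: str, authenticated: bool, sender: str,
                recipients: List[str]) -> Tuple[Session, List[Tuple[str, str]]]:
    """Simulate the envelope phase and return the session plus a transcript."""
    session = Session(peer_ip=peer_ip, authenticated=authenticated)
    transcript = [(f"MAIL FROM:<{sender}>", "250 OK")]
    for addr in recipients:
        transcript.append((f"RCPT TO:<{addr}>", rcpt_to(session, addr)))
    # DATA only proceeds if at least one recipient survived the checks.
    data_reply = "354 Send message" if session.accepted else "554 No valid recipients"
    transcript.append(("DATA", data_reply))
    return session, transcript


# Constructed sample: one local user plus three remote addresses, as in the report.
SAMPLE_RECIPIENTS = [
    "alice@example.org",
    "bob@remote-a.example.com",
    "carol@remote-b.example.net",
    "dave@remote-c.example.edu",
]

if __name__ == "__main__":
    for label, ip, auth in [("unauthenticated spammer", "203.0.113.5", False),
                            ("authenticated user", "203.0.113.5", True),
                            ("relay-permitted host", "192.0.2.10", False)]:
        session, transcript = run_session(ip, auth, "spam@sender.example",
                                          SAMPLE_RECIPIENTS)
        print(f"--- {label} ---")
        for cmd, reply in transcript:
            print(f"C: {cmd}\nS: {reply}")
        print(f"delivered to: {session.accepted}\n")
```

Running it prints three sessions: the unauthenticated one delivers only to the local user and refuses the three remote recipients, while the authenticated session and the session from the relay-permitted host accept all four. Those last two are exactly the cases David names: a trusted user abusing their credentials, or a connection-control entry that grants relaying to the connecting host.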