[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: Strange from address
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] Re: Strange from address
- From: "Akos Szalkai" <szalkai@2fkft.com>
- Date: Fri, 10 Oct 2003 14:27:03 +0200
Hi James,
> If you insert the following string into the mail from: field #@[] it
> appears to by pass the mx check and replys ok.
if you read the qmail manpages (addresses(5) specifically), you can see
that this a qmail extension: this is the envelope sender of a double
bounce.
What I fail to see however, is that how it can be a security problem.
It is not very difficult to generate envelope senders that pass your mx
check anyway.
Regards,
Akos
--
Akos Szalkai <szalkai@2f.hu>
IT Consultant, CISA
2F 2000 Szamitastechnikai es Szolgaltato Kft.
Tel: (+36-1)-4887700 Fax: (+36-1)-4887709 WWW: http://www.2f.hu/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html