[Full-Disclosure] Re: Strange from address

Akos Szalkai szalkai at 2fkft.com
Fri Oct 10 13:27:03 BST 2003


Hi James,

> If you insert the following string into the mail from: field #@[] it
> appears to bypass the mx check and replies ok.

If you read the qmail manpages (addresses(5) specifically), you can see
that this is a qmail extension: this is the envelope sender of a double
bounce.

What I fail to see, however, is how it can be a security problem.
It is not very difficult to generate envelope senders that pass your mx
check anyway.

Regards,
Akos

-- 
Akos Szalkai <szalkai at 2f.hu>
IT Consultant, CISA
2F 2000 Szamitastechnikai es Szolgaltato Kft.
Tel: (+36-1)-4887700  Fax: (+36-1)-4887709  WWW: http://www.2f.hu/




Full-Disclosure is hosted and sponsored by Secunia.