Tutorial - Mail Relay Problem

Mail Relay Problem

Impact

Older versions of the sendmail program did not provide sufficient safeguards against mailcious users sending spam mail through a third party computer. Further, the spam mail will often have a forged source address.

Background

Until 1999, most implementations of sendmail and its clones provided little checking of source and destination addresses. For example a user on host A could use the sendmail on Host B sending mail to a user on Host C with a source email address from Host D. In other words, A hacker on foo.bar.com would use the sendmail at host1.swip.se to send a message 5,000 users with the source address of president@whitehouse.gov.

Resolution

Vendor and Web server patches and workarounds to protect against this vulnerability are available. If your vendor does not have an upgrade, current versions of sendmail from
sendmail.org.