Report forwarded to debian-bugs-dist@lists.debian.org, Soenke Lange <soenke@escher.north.de>:
Bug#7711; Package smail.

Sorry, this message was lost when this bug report was restored from a backup.

Acknowledgement sent to Lars Wirzenius <liw@iki.fi>:
New bug report received and forwarded. Copy sent to Soenke Lange <soenke@escher.north.de>.

Sorry, this message was lost when this bug report was restored from a backup.

Received: (at submit) by bugs.debian.org; 28 Feb 1997 13:46:42 +0000
Received: (qmail 22181 invoked from network); 28 Feb 1997 13:46:39 -0000
Received: from hauki.clinet.fi (root@194.100.0.1) by master.debian.org with SMTP; 28 Feb 1997 13:46:17 -0000
Received: from liw.clinet.fi (root@liw.clinet.fi [194.100.36.3]) by hauki.clinet.fi (8.8.5/8.6.4) with ESMTP id PAA11189 for ; Fri, 28 Feb 1997 15:38:37 +0200 (EET)
Received: from liw.clinet.fi ([127.0.0.1]) by liw.clinet.fi with esmtp (ident liw using rfc1413) id m0w0SW9-000Ak9C (Debian Smail-3.2 1996-Jul-4 #2); Fri, 28 Feb 1997 15:38:33 +0200 (EET)
Message-Id:
From: Lars Wirzenius
X-No-Archive: yes
To: submit@bugs.debian.org
Subject: smail allows third-party relaying
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 28 Feb 1997 15:38:31 +0200
Sender: liw@clinet.fi

Package: smail
Version: 3.2-3

smail allows a remote user to send mail to another remote user. This technique is often used by spammers and other abusers to make it more difficult to find the origin of a spam. It is not otherwise very useful for most people. I think it would be better if the default configurations of smail wouldn't allow it, and it would have to be explicitly allowed by the sysadmin.

To test it:

You need two systems: a Debian system running smail (debian.foo), and another system, running anything, but able to receive mail (other.foo).

Give the following commands, on other.foo:

	telnet debian.foo 25
	HELO other.foo
	MAIL FROM:
	RCPT TO:
	DATA
	From: username@other.foo
	To: username@other.foo
	Subject: Testing Debian smail's third party relaying

	This probably shouldn't arrive...
	.
	QUIT

(The second to last line must be a dot.)

That the mail arrives shows that debian.foo relays mail for third-parties, and is going to be abused, if not fixed.

-- 
Please read before mailing me.
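
Added example, not part of the original report and not smail's own code or configuration: a deny-by-default RCPT TO decision of the kind the report asks for, where relaying happens only for clients the sysadmin has explicitly listed. The names LOCAL_DOMAINS, RELAY_NETWORKS, recipient_is_local and rcpt_decision, and the client address 192.0.2.10, are assumptions made for illustration; debian.foo and other.foo are the report's own placeholder hosts.

```python
import ipaddress

# Assumed site settings, constructed for this example.
LOCAL_DOMAINS = {"debian.foo"}                           # domains this host accepts mail for
RELAY_NETWORKS = [ipaddress.ip_network("127.0.0.0/8")]   # clients explicitly allowed to relay


def recipient_is_local(rcpt, local_domains=LOCAL_DOMAINS):
    """True only if rcpt is a plain user@domain address in a domain we host."""
    addr = rcpt.strip().strip("<>")
    local_part, sep, domain = addr.rpartition("@")
    if not sep or not local_part:
        return False
    # Legacy routed forms (user%host@local, host!user@local, @hop:user@local)
    # name a further hop, so they are treated as remote destinations.
    if any(c in local_part for c in "%!@:"):
        return False
    return domain.lower().rstrip(".") in local_domains


def rcpt_decision(client_ip, rcpt, relay_networks=RELAY_NETWORKS,
                  local_domains=LOCAL_DOMAINS):
    """Return the (code, text) SMTP reply for one RCPT TO, denying relay by default."""
    if recipient_is_local(rcpt, local_domains):
        return 250, "recipient ok"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in relay_networks):
        return 250, "relaying for trusted client"
    return 550, "relaying denied"


if __name__ == "__main__":
    # The report's test case: a client on other.foo (constructed address)
    # asks debian.foo to deliver to an other.foo mailbox.
    for client, rcpt in [
        ("192.0.2.10", "<username@other.foo>"),   # third-party relay attempt
        ("192.0.2.10", "<root@debian.foo>"),      # ordinary inbound mail
        ("127.0.0.1", "<username@other.foo>"),    # local user sending out
    ]:
        print(client, rcpt, rcpt_decision(client, rcpt))
```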