Hey all,

I'm running a series of tests against my servers and all of the servers are
reporting some false positives (I've confirmed the files in question weren't
created), but others are harder to track down and understand. I'm hoping
someone can shed some light on these issues. For all I know, they too can be
false positives. But I'd like to make sure. Also, without starting a holy
war, what are the benefits to changing the HELO to give no
information about the server? Normally I would say this is good, but should
I now do it with a public mail server?

Thanks,

Hank

1) The remote STMP server seems to allow remote users to
send mail anonymously by providing a too long argument
to the HELO command (more than 1024 chars).

This problem may allow bad guys to send hate
mail, or threatening mail using your server
and keep their anonymity.

2) The remote SMTP server is vulnerable to a redirection
attack. That is, if a mail is sent to :

                user@hostname1@victim

Then the remote SMTP server (victim) will happily send the
mail to :
                user@hostname1

Using this flaw, an attacker may route a message
through your firewall, in order to exploit other
SMTP servers that can not be reached from the
outside.
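
The two findings quoted above, expressed as the server-side checks that would make them not apply. This is an added example, not part of the original post or of any scanner or mail server; the function names and the LOCAL_DOMAINS set are assumptions made for illustration, and the sample command lines are constructed.

```python
import re

MAX_HELO_ARG = 1024                    # length threshold quoted in finding 1
LOCAL_DOMAINS = {"victim.example"}     # assumption: domains this server accepts mail for

# Capture the forward-path of a RCPT TO command, with or without angle brackets.
_RCPT = re.compile(r"^RCPT TO:\s*<?([^<>\s]*)>?", re.IGNORECASE)


def check_helo(line):
    """Return (ok, reason) for a HELO/EHLO command line."""
    parts = line.strip().split(None, 1)
    if not parts or parts[0].upper() not in ("HELO", "EHLO"):
        return False, "not a HELO/EHLO command"
    arg = parts[1] if len(parts) > 1 else ""
    if not arg:
        return False, "missing HELO argument"
    if len(arg) > MAX_HELO_ARG:
        # Finding 1: an oversized argument must be refused, not accepted.
        return False, "HELO argument too long"
    return True, "ok"


def check_rcpt(line, local_domains=LOCAL_DOMAINS):
    """Return (ok, reason) for a RCPT TO command line."""
    m = _RCPT.match(line.strip())
    if not m:
        return False, "unparseable RCPT"
    path = m.group(1)
    if path.count("@") != 1:
        # Finding 2: user@hostname1@victim carries a second hop inside the
        # address; refuse it instead of stripping the last part and forwarding.
        return False, "nested or missing @ in recipient"
    local, domain = path.rsplit("@", 1)
    if not local or domain.lower().rstrip(".") not in local_domains:
        return False, "relaying denied"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample commands, not captured traffic.
    samples = [
        "HELO mail.example.org",
        "HELO " + "a" * 2000,
        "RCPT TO:<hank@victim.example>",
        "RCPT TO:<user@hostname1@victim.example>",
    ]
    for s in samples:
        fn = check_helo if s.upper().startswith(("HELO", "EHLO")) else check_rcpt
        print(s[:40], "->", fn(s))
```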
