| VID |
18057 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The SMTP server allows an attacker to relay mails. The SMTP server that is insufficiently protected against relaying are called "Open Mail Server" or "Open Mail Relay". By constructing a specially-crafted mail message and sending it to the open mail server, an attacker can send a malicious E-Mail(Spam Mail) to the world while concealing their true location.
* References:
http://www.abuse.net/relay.html
http://support.microsoft.com/kb/304897/
http://mail-abuse.net
http://www.sendmail.org/tips/relaying.html
* Platforms Affected:
Any SMTP server Any version |
| Recommendation |
Remove unauthorized relaying features for your mailer. Please refer to the following site document, "How to secure your mail system against third-party relay" for information on how to disable relaying features:
http://www.mail-abuse.com/an_sec3rdparty.html |
| Related URL |
CVE-1999-0512 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
