Naming Trick Opens Mail Servers



6 August 2009, 15:45

Naming trick opens mail servers

A number of Vietnamese spam sources are currently attracting attention because the spammers have equipped the relevant hosts with DNS pointer records called "localhost". As a result, IP addresses like 123.27.3.81, 222.252.80.188 or 123.16.13.188 produce this name when a reverse look-up occurs. The problem is caused by badly configured Domain Name Systems, as "localhost" should generally translate to a single IP address – 127.0.0.1 – which is reserved for local system loopback.

Some mail servers are configured in such a way that they don't even accept emails from clients that exhibit a name that returns an obviously incorrect reverse lookup. However, other mail servers give preferential treatment to "localhost" and grant the Far-Eastern clients a special privilege, namely the "relaying" of emails to arbitrary recipients even outside the local network, because the servers or administrators have assumed that "localhost" is part of the local network.

Mail server operators must make sure they avoid falling victim to this trick. For example, they can make relays only available from local IP addresses and not identify clients by reverse look-up DNS names. Normal open relay tests don't produce an alert in this case, because the test client usually isn't called "localhost". Several vulnerable mail servers have already been added to the iX blacklist. In addition to blacklisting, the operators of open relays potentially face having to pay damages to spam or malware recipients.

(djwm)

Heise security - http://www.h-online.com/security/Naming-tr...s--/news/113946
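
The difference between the two relay policies the article contrasts, as an added example that is not part of the original post or the Heise article. The PTR table is constructed (the three addresses are the ones named in the article), and the permitted networks and function names are assumptions chosen for illustration:

```python
import ipaddress

# Constructed PTR data: the three sources named in the article return
# "localhost" on reverse lookup; the other entries are ordinary sample clients.
PTR_RECORDS = {
    "123.27.3.81": "localhost",
    "222.252.80.188": "localhost",
    "123.16.13.188": "localhost",
    "198.51.100.7": "mail.example.net",
    "127.0.0.1": "localhost",
}

# Assumed relay policy: loopback plus one internal range (hypothetical values).
RELAY_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("127.0.0.0/8", "::1/128", "10.0.0.0/8")]

def reverse_name(client_ip):
    """Stand-in for a PTR lookup. The answer is set by whoever operates the
    reverse zone for the client's address, not by the mail server's operator."""
    return PTR_RECORDS.get(client_ip, "unknown")

def relay_allowed_by_name(client_ip):
    """Weak policy described in the article: trust the reverse-lookup name."""
    return reverse_name(client_ip) == "localhost"

def relay_allowed_by_ip(client_ip):
    """Hardened policy: decide on the connecting address only."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in RELAY_NETWORKS)

def audit(policy):
    """Return the remote clients a policy would let relay (should be empty)."""
    return sorted(ip for ip in PTR_RECORDS
                  if policy(ip) and not relay_allowed_by_ip(ip))

if __name__ == "__main__":
    print("name-based policy relays for:", audit(relay_allowed_by_name))
    print("IP-based policy relays for:  ", audit(relay_allowed_by_ip))
```
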
