MSRFCs versus RFCs?

joej at Rocknyou.com joej at Rocknyou.com
Thu Nov 28 06:53:06 UTC 2002


Happy Thanksgiving all!

	While I don't think I'll get a response to this
question over the holidays, I thought I'd at least present
it for response post Thanksgiving.
	I have a site that (along with others) has decided
to use MSExchange as their SMTP hub. One of the problems I am
seeing with this is that the current configuration allows for
any inbound domain traffic. In otherwords, the exchange server
seems to allow emails destin for any domain, then sends a None
Delivery Report to the "Mail From" party. My argument is that 
there lies an exploit with this senario. In otherwords (and those
of you that probably know where I am going with this just skip 
ahead) If I send an email to JoeSmo at domain.com and spoof the
Mail From as Victim at innocentdomain.com to an Exchange Server
setup in this manor, the Exchange server will bounce an email
to the Victim at innoccentdomain.com. While this is all fine and
dandy, if a person(s) decides to use this as a mailbomb method
and exploit this, its rather simple to do. So, in short I am 
aguing that
1> Mail destine for a domain not handled should be 550 Denied.
2> None Delivery Reports should only be sent for Domains Handled.
3> That a Firewall should not be doing Domain checking for SMTP

What I am at a loss for is RFCs that explicitly state this, that
is NDR for other domains, and accepting for other domains.
Perhaps I missed something or one of them. 
Anyone have to deal with this situation? 
Any suggestions on how to argue this? 
Am I perhaps missing something? 
Does Bill Gates feel that "Monopoly is just a game, I want the world!"
Just kidding.

Thanks in advance, and again Happy Thanksgiving!

-Joe




More information about the NANOG mailing list