[Simon Walter] Re: Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks

Stephen Swaney steve at fsl.com
Wed Dec 3 23:52:32 GMT 2008 





Simon Walter wrote:
>
> Hi,
>
> I send this through the mailinglist because I can't send it to
> Julian directly because of the following:
>
>  mailscanner at ecs.soton.ac.uk
>     SMTP error from remote mail server after MAIL FROM:<simon.walter at hp-factory.de>:
>     host mx.ecs.soton.ac.uk [152.78.68.137]: 553 5.1.8 sender <simon.walter at hp-factory.de> from hp-factory.de MX invalid #439 (kB2Lcm295123146500)
>
> I don't know what's causing this...
>
> Anyway, here is the mail in which some of you should be interested too.
>
> -------------------- Start of forwarded message --------------------
> To: Mark Purcell <msp at debian.org>
> Cc: 506353 at bugs.debian.org,  Raphael Geissert <atomo64 at gmail.com>, mailscanner at ecs.soton.ac.uk
> BCC: control at bugs.debian.org
> Subject: Re: Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks
> X-Draft-From: ("nnml:debian.bugs" 284)
> References: <200811201524.52353.atomo64 at gmail.com>
> 	<200812032338.02957.msp at debian.org>
> From: Simon Walter <simon.walter at hp-factory.de>
> Date: Wed, 03 Dec 2008 22:28:09 +0100
> In-Reply-To: <200812032338.02957.msp at debian.org> (Mark Purcell's message of "Wed\, 3 Dec 2008 23\:38\:02 +1100")
> Message-ID: <877i6hhrti.fsf at hp-factory.de>
> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
> Lines: 51
> Xref: tharlab others.sent:737
>
>
> Simon,
>
> You been caught out by Julian's smtpf / BarricadeMX installation. Anytime you spot a messageID like kB2Lcm295123146500, starts with "k" and 18 characters long, smtpf has probably been the application that accepted, and in this case, blocked, your e-mail  But please notice that it was nice enough to send you an NDR.
>
> To see exactly what tripped it up I would need access to Julian's logs or configuration file.
>
> Best regards,
>
> Steve
>
> Steve Swaney
> steve at fsl.com
> www.fsl.com

More information about the MailScanner mailing list