Sendmail Redirection Relaying Allowed

This script is Copyright (C) 1999-2013 Tenable Network Security, Inc.

Synopsis :

The remote SMTP server is vulnerable to a redirection attack.

Description :

The remote sendmail server accepts messages addressed to recipients
of the form 'user@host1@host2' (an address containing more than one
'@'). A remote attacker could leverage this to reach mail servers
behind a firewall or to avoid detection by routing mail through the
affected host.

Solution :

Consult the sendmail documentation and modify the server's
configuration file to avoid such redirections. For example, this may
involve adding the following statement at the top of Ruleset 98, in :

R$*@$*@$* $#error $@ 5.7.1 $: '551 Sorry, no redirections.'
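
To confirm the rule is needed, or to look for past use of the redirection, recipient addresses can be checked offline for the shape the rule's left-hand side describes. The following is an added example, not part of the plugin or of sendmail; the function names, the handling of quoted local parts and the sample lines are assumptions made for illustration.

```python
import re

# Path after "RCPT TO:", with or without angle brackets (ESMTP parameters
# after the closing '>' are ignored).
RCPT_RE = re.compile(r"^\s*RCPT\s+TO:\s*(?:<(.*)>|(\S+))", re.IGNORECASE)

def unquoted_at_count(addr):
    """Count '@' characters outside quoted strings and backslash escapes."""
    count, in_quotes, i = 0, False, 0
    while i < len(addr):
        ch = addr[i]
        if ch == "\\":          # escaped character: skip it and the next one
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            count += 1
        i += 1
    return count

def is_redirection(addr):
    """True for the user@host1@host2 shape (two or more routing '@')."""
    return unquoted_at_count(addr) >= 2

def scan(lines):
    """Return (line number, recipient) for every redirected RCPT TO."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = RCPT_RE.match(line)
        if not m:
            continue
        addr = m.group(1) if m.group(1) is not None else m.group(2)
        if is_redirection(addr):
            hits.append((n, addr))
    return hits

# Constructed SMTP command lines for illustration, not captured traffic.
SAMPLE = [
    "MAIL FROM:<sender@example.org>",
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<bob@inside.example@relay.example.com>",
    'RCPT TO:<"odd@local"@example.com> NOTIFY=FAILURE',
    "rcpt to: carol@a.example@b.example",
]

if __name__ == "__main__":
    for n, addr in scan(SAMPLE):
        print(f"line {n}: redirected recipient {addr}")
```

RFC 821 source routes such as <@a,@b:user@c> also contain several '@' characters and are flagged by this check as well.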

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SMTP problems

Nessus Plugin ID: 10250
