Sendmail Redirection Relaying Allowed
Medium Nessus Plugin ID 10250
Synopsis
The remote SMTP server is vulnerable to a redirection attack.

Description
The remote sendmail server accepts messages addressed to recipients of the form '[email protected]@example.com'. A remote attacker could leverage this to reach mail servers behind a firewall or to avoid detection by routing mail through the affected host.

Solution
Consult the sendmail documentation and modify the server's configuration file to avoid such redirections. For example, this may involve adding the following statement at the top of Ruleset 98, in sendmail.cf:
R$*@$*@$* $#error [email protected] 5.7.1 $: '551 Sorry, no redirections.'