Sendmail Redirection Relaying Allowed

Medium Nessus Plugin ID 10250


The remote SMTP server is vulnerable to a redirection attack.


The remote sendmail server accepts messages addressed to recipients of the form '[email protected]'. A remote attacker could leverage this to reach mail servers behind a firewall or to avoid detection by routing mail through the affected host.


Consult the sendmail documentation and modify the server's configuration file to avoid such redirections. For example, this may involve adding the following statement at the top of Ruleset 98, in :

R$*@$*@$* $#error [email protected] 5.7.1 $: '551 Sorry, no redirections.'
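A log-audit check to go with the ruleset change above, as an added example that is not part of the Nessus plugin or of sendmail: it flags logged recipients that have the R$*@$*@$* shape (two or more '@' signs). The to=<...> log layout, the sample lines, and the choice to ignore '@' inside a quoted local part are assumptions of this example.

```python
import re

# Assumed layout: sendmail logs recipients as to=<addr>[,<addr>...]
TO_FIELD = re.compile(r"\bto=((?:<[^>]*>,?)+)")
ADDR = re.compile(r"<([^>]*)>")
QUEUE_ID = re.compile(r"\]: (\w+):")

def unquoted_at_count(addr):
    """Count '@' signs that sit outside a double-quoted local part."""
    count, in_quotes, escaped = 0, False, False
    for ch in addr:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            count += 1
    return count

def is_redirection(addr):
    """True for the $*@$*@$* shape: at least two routing '@' signs."""
    return unquoted_at_count(addr) >= 2

def find_redirections(log_lines):
    """Return (queue_id, recipient) for every redirected recipient logged."""
    hits = []
    for line in log_lines:
        to_field = TO_FIELD.search(line)
        if not to_field:
            continue  # from= lines and other entries carry no recipient
        qid = QUEUE_ID.search(line)
        for addr in ADDR.findall(to_field.group(1)):
            if is_redirection(addr):
                hits.append((qid.group(1) if qid else "?", addr))
    return hits

# Constructed sample lines; hosts and queue IDs are placeholders.
SAMPLE_LOG = [
    'Feb  5 10:14:02 mx1 sendmail[2211]: r15AE2aa002211: from=<dave@example.net>, size=912, nrcpts=1',
    'Feb  5 10:14:03 mx1 sendmail[2213]: r15AE2aa002211: to=<alice@example.org>, mailer=esmtp, stat=Sent',
    'Feb  5 10:14:09 mx1 sendmail[2240]: r15AE9bb002240: to=<bob@inner.example.test@mx1.example.org>, mailer=esmtp, stat=Sent',
    'Feb  5 10:15:30 mx1 sendmail[2291]: r15AFUcc002291: to=<"a@b"@example.org>,<carol@example.org>, mailer=esmtp, stat=Sent',
]

if __name__ == "__main__":
    for qid, addr in find_redirections(SAMPLE_LOG):
        print(f"{qid}: redirected recipient {addr}")
```

A hit with stat=Sent means the redirected recipient was accepted, which is the condition this plugin reports.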

Plugin Details

Severity: Medium

ID: 10250

File Name: sendmail_redirection.nasl

Version: $Revision: 1.28 $

Type: remote

Published: 1999/08/25

Modified: 2013/02/05

Dependencies: 10263, 10249, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail