From discussions with various people, I think the best workarounds for this problem might be: * if the errors-to: field has > 1 recipient, it's very likely to be spam. Do not process it - log and drop it * if your MTA just adds a few lines to the top of the NDR or encapsulates the message entirely before sending it to errors-to:, you need to find a way to remove the original message This is the bit that will make mail list administration that much harder: * if you are the postmaster or (even better) the MTA configurator for your platform, consider turning errors-to: processing off by default MTAs probably not vulnerable by default: Postfix (pretty much all versions) Sendmail (at least) >= 8.9.3 has errors-to: processing turned off by default in the ISC distribution. Vendor Unixes, Linux distro's, *BSD configurations = unknown at this time Exchange 5.5/2000, to a limited degree. Exchange 5.5 and 2000 will encapsulate the original mail in the NDR. In addition, Exchange 2000 adds a delivery read receipt header as well. This could be used as a rather lame method of DDoS as one SMTP exchange will generate at least two resultant SMTP exchanges. Andrew ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Sep 16 2001 - 18:25:35 PDT