Date: Tue, 4 May 1999 08:53:14 +0200
From: Joachim Larsson <joachim.larsson@sigma.se>
To: BUGTRAQ@netspace.org
Subject: AS/400

Hello all.

I played around with smtp on an as/400+domino machine and found two
obvious bugs, then notified IBM, received a ptf, then posted here.

1:  telnet (host) 25, then start feeding chars. After about 200-300
chars the smtp-subsystem will die, needing to be restarted.

2:  change your replyto-address and fromaddress to a non-existing
user/domain then mail to a non-existing user on the 400/domino. This
will cause the mail to loop endlessly between the smtp-subsystem and the
domino subsystem.

This is for general knowledge only, trying to "force" people with
400/domino to react and secure their machines.

Sincerely,
---
(put your favourite signature here)

-----------------------------------------------------------------------------

Date: Wed, 5 May 1999 08:52:42 -0500
From: Ryan Permeh <rrpermeh@RCONNECT.COM>
To: BUGTRAQ@netspace.org
Subject: Re: AS/400

Yeah, I found this a while back on non-domino smtp daemons on as400's also.
It's a somewhat simple solution to fix (just turn the SMTP service back
on), but SMTP can be shut off across the network.  I know this worked on
as400 3.X, I haven't had a chance to test on any of the domino types or the
4.X OS levels.

Ryan

-----------------------------------------------------------------------------

Date: Wed, 5 May 1999 13:34:40 +0200
From: Pavel Ahafonau <paully@IBA.COM.BY>
To: BUGTRAQ@netspace.org
Subject: Re: AS/400

>I played around with smtp on an as/400+domino machine and found two
>obvious bugs, then notified IBM, received a ptf, then posted here.

>1:  telnet (host) 25, then start feeding chars. After about 200-300
>chars the smtp-subsystem will die, needing to be restarted.

>2:  change your replyto-address and fromaddress to a non-existing
>user/domain then mail to a non-existing user on the 400/domino. This
>will cause the mail to loop endlessly between the smtp-subsystem and the
>domino subsystem.

This is a well-known bug which is not related to AS/400 at all.
This only causes Lotus Domino 4.6.1 to die.
I've tried to kill our Lotus Domino 4.6.4 and it is still alive ~80)

As for SMTP and Lotus Notes/Domino, this is a big problem for its users
because there is no anti-spam protection like in Sendmail.
Now we are playing with the 5th Lotus Domino, and there all these bugs are fixed
and anti-spam is implemented ~80)

Best regards,
Paully A. Ahafonau.

International Business Alliance (http://www.iba.com.by)

-----------------------------------------------------------------------------

Date: Thu, 6 May 1999 15:37:43 -0500
From: Justin Golden <JustinGolden@MEDIAONE.NET>
To: BUGTRAQ@netspace.org
Subject: Re: AS/400

In fact, you can disable mail forwarding, and thereby avoid the Spam threat
by adding this undocumented parameter to the notes.ini file:
SMTPMTA_REJECT_RELAYS=1

Any mail forwarding will bounce directly back to the sender.

Justin Golden
Precision Systems Concepts


> As for SMTP and Lotus Notes/Domino, this is a big problem for its users
> because there is no anti-spam protection like in Sendmail.
> Now we are playing with the 5th Lotus Domino, and there all these bugs are fixed
> and anti-spam is implemented ~80)
>
> Best regards,
> Paully A. Ahafonau.
>
> International Business Alliance (http://www.iba.com.by)
>

-----------------------------------------------------------------------------

Date: Fri, 7 May 1999 08:44:11 +0200
From: Magosanyi Arpad <mag@BUNUEL.TII.MATAV.HU>
To: BUGTRAQ@netspace.org
Subject: Domino [was: AS/400]

My mailer thinks that Pavel Ahafonau wrote the following:
> As for SMTP and Lotus Notes/Domino, this is a big problem for its users
> because there is no anti-spam protection like in Sendmail.
> Now we are playing with the 5th Lotus Domino, and there all these bugs are fixed
> and anti-spam is implemented ~80)

There are still problems with Domino anti-spam: If you send an smtp mail
to a domino user whose forwarding address is an smtp address, the domino
smtp MTA will reject the message.

This is security related only by the fact that most of the notes admins
will choose to disable anti-spam after encountering this problem first.

--
GNU GPL: only from a pure source