Date: Tue, 4 May 1999 08:53:14 +0200 From: Joachim Larsson <joachim.larsson@sigma.se> To: BUGTRAQ@netspace.org Subject: AS/400 Hello all. I played around with smtp on a as/400+domino machine and found two obvious bugs, then notified IBM, revieved a ptf, then posted here. 1: telnet (host) 25, then start feeding chars. After about 200-300 chars the smtp-subsystem will die, needing to be restarted. 2: change your replyto-address and fromaddress to an non-existing user/domain then mail to an non-existing user on the 400/domino. This will cause the mail to loop endlessly between the smtp-subsystem and the domino subsystem. This is for general knowledge only, trying to "force" people with 400/domino to react and secure their machines. Sincerely, --- (put your favourite signature here) ----------------------------------------------------------------------------- Date: Wed, 5 May 1999 08:52:42 -0500 From: Ryan Permeh <rrpermeh@RCONNECT.COM> To: BUGTRAQ@netspace.org Subject: Re: AS/400 Yeah, i found this a while back on non domino smtp daemons on as400's also. it's a somewhat simple solution to fix (just turn the SMTP service back on), but SMTP can be shut off across the network. i know this worked on as400 3.X, i haven't had a chance to test on any of the domino types or the 4.X OS levels Ryan ----------------------------------------------------------------------------- Date: Wed, 5 May 1999 13:34:40 +0200 From: Pavel Ahafonau <paully@IBA.COM.BY> To: BUGTRAQ@netspace.org Subject: Re: AS/400 >I played around with smtp on a as/400+domino machine and found two >obvious bugs, then notified IBM, revieved a ptf, then posted here. >1: telnet (host) 25, then start feeding chars. After about 200-300 >chars the smtp-subsystem will die, needing to be restarted. >2: change your replyto-address and fromaddress to an non-existing >user/domain then mail to an non-existing user on the 400/domino. This >will cause the mail to loop endlessly between the smtp-subsystem and the >domino subsystem. This is good known bug which is not related to AS/400 at all. This causes to die only Lotus Domino 4.6.1. I've tried to kill our Lotus Domino 4.6.4 and it still alive ~80) As for SMTP and Lotus Notes/Domino this is a big problem for it's users because there no any anti-spam protection like in Sendmail. Now we are playing with 5th Lotus Domino and there are all this bugs fixed and anti-spam implemented ~80) Best regards, Paully A. Ahafonau. International Business Alliance (http://www.iba.com.by) ----------------------------------------------------------------------------- Date: Thu, 6 May 1999 15:37:43 -0500 From: Justin Golden <JustinGolden@MEDIAONE.NET> To: BUGTRAQ@netspace.org Subject: Re: AS/400 In fact, you can disable mail forwarding, and thereby avoid the Spam threat by adding this undocumented parameter to the notes.ini file: SMTPMTA_REJECT_RELAYS=1 Any mail forwarding will bounce directly back to the sender. Justin Golden Precision Systems Concepts > As for SMTP and Lotus Notes/Domino this is a big problem for it's users > because there no any anti-spam protection like in Sendmail. > Now we are playing with 5th Lotus Domino and there are all this bugs fixed > and anti-spam implemented ~80) > > Best regards, > Paully A. Ahafonau. > > International Business Alliance (http://www.iba.com.by) > ----------------------------------------------------------------------------- Date: Fri, 7 May 1999 08:44:11 +0200 From: Magosanyi Arpad <mag@BUNUEL.TII.MATAV.HU> To: BUGTRAQ@netspace.org Subject: Domino [was: AS/400] A levelezőm azt hiszi, hogy Pavel Ahafonau a következőeket írta: > As for SMTP and Lotus Notes/Domino this is a big problem for it's users > because there no any anti-spam protection like in Sendmail. > Now we are playing with 5th Lotus Domino and there are all this bugs fixed > and anti-spam implemented ~80) There are still problems with Domino anti-spam: If you send a smtp mail to a domino user who's forwarding address is a smtp address, the domino smtp MTA will reject the message. This is security related only by the fact that most of the notes admins will choose to disable anti-spam after encountering this problem first. -- GNU GPL: csak tiszta forrásból