|Title:||Sendmail redirection check|
The remote SMTP server is vulnerable to a redirection attack. That is, if a
mail is sent to :
Then the remote SMTP server (victim) will happily send the mail to :
Using this flaw, an attacker may route a message through your firewall, in
order to exploit other SMTP servers that can not be reached from the
Solution : In sendmail.cf, at the top of ruleset 98, in /etc/sendmail.cf,
insert the following statement :
R$*@$*@$* $#error $@ 5.7.1 $: '551 Sorry, no redirections.'
Risk factor : Low
|Copyright||This script is Copyright (C) 1999 Renaud Deraison|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.