* [9fans] upas redirection vulnerability
@ 2007-09-29 15:50 erik quanstrom
From: erik quanstrom @ 2007-09-29 15:50 UTC (permalink / raw)
To: 9fans
i submitted a patch to /n/sources/plan9/mail/lib/validateaddress
which geoff put in. it turns out this patch is quite a bit more
important than i thought. without it, upas is an open spam relay.
it works like this. spammer sends mail with a forged From: line
and a To: line that mail -x will flag as an "Invalid address". the old
script would not flag this for rejection and upas would send a
failure notice to the sender, thus spamming the guy in the forged
From: line.
- erik
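
An added illustration, not part of the original post and not upas code: a toy model of a receiving mail server, showing why refusing the bad recipient during the session removes the failure notice that would otherwise go to the forged sender. The `classify` rules, the addresses and the single sender field are constructed assumptions; the model also generates no notice for an empty (null) sender.

```python
# Toy model of a receiving MTA (assumption-laden sketch, not upas code).
LOCAL_DOMAIN = "example.org"   # constructed
LOCAL_USERS = {"glenda"}       # constructed

def classify(rcpt):
    """Hypothetical stand-in for the address check the post mentions."""
    user, _, domain = rcpt.partition("@")
    if not user or not domain or any(c in rcpt for c in " <>|;"):
        return "invalid"
    if domain != LOCAL_DOMAIN:
        return "relay-denied"
    return "ok" if user in LOCAL_USERS else "unknown-user"

def receive(sender, rcpt, reject_invalid):
    """Return (smtp_reply, failure_notice_recipients) for one message.

    reject_invalid=False models the old behaviour described in the post:
    an invalid recipient is not refused, the message is accepted, and a
    failure notice is later mailed to a sender address nobody verified.
    """
    verdict = classify(rcpt)
    if verdict == "ok":
        return "250 ok", []
    if verdict == "invalid" and not reject_invalid:
        # Accepted but undeliverable: the server itself now originates mail.
        notices = [sender] if sender else []   # null sender gets no notice
        return "250 ok", notices
    # Refused in-session: the connecting client holds the failure,
    # so the server sends nothing to any third party.
    return "550 " + verdict, []

def backscatter(envelopes, reject_invalid):
    """Collect every address that would receive a failure notice."""
    out = []
    for sender, rcpt in envelopes:
        out += receive(sender, rcpt, reject_invalid)[1]
    return out

# Constructed sample traffic: (sender, recipient)
ENVELOPES = [
    ("victim@example.net", "no such|addr@example.org"),  # forged sender, invalid rcpt
    ("friend@example.com", "glenda@example.org"),        # legitimate delivery
    ("", "bad addr@example.org"),                        # null sender, invalid rcpt
    ("victim@example.net", "nobody@example.org"),        # unknown user, always refused
]

if __name__ == "__main__":
    print("old policy notices:", backscatter(ENVELOPES, reject_invalid=False))
    print("new policy notices:", backscatter(ENVELOPES, reject_invalid=True))
```
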