NTMail version 3 has a relay vulnerability, allowing spam through unused local addresses.
`<http://www.nthelp.com/40/ntmailspam.htm>
NTMail version 3 relay problem
NTmail3 appears to have a small hole that allows anyone to use an NTmail3
server as a relay mail server. Basically here is how it works. NTmail3 is
set to not allow relay (either the TO or FROM address must be local). JUCE
(a $500 antispamming add-on from the makers of NTmail) has been installed
and used to lock the server down from the spammers.
I:>open mail.someisp.net 25
220-Unauthorized Use Prohibited
220 mail.someisp.net WindowsNT SMTP Server v3.03.0017/1.aihl/SP ESMTP ready at Sun, 6 Jun 1999 10:39:30 -0400
helo
250 mail.someisp.net [192.168.0.0]
mail from:<>
250 Ok.
rcpt to:[email protected]
250 Ok.
data
354 Start mail input, end with <CRLF>.<CRLF>.
buy my crap
sincerely,
some lame spammer
.
250 Requested mail action Ok.
So the stupid program appears to think that <> is a local address. Not
only that but if you use JUCE (the anti spam addon) and have it set to
stop things with max messages (too many messages and the account gets
shut down) it will give the postmaster notification when an account hits
the max message limit, well <> doesn't cause any notification at all. In
fact it appears to be a sort of special case and may actually get around
some of the other anti spamming features built into NTmail3.
Gordano LTD (the author of NTmail) doesn't appear to care, their
response was "we don't support V3 unless you pay", like I was asking a
question or something... I've even offered to pay them to build me a
fixed version but instead they have asked me to take the discussion
elsewhere (instead of their mailing list). Ok, this is elsewhere <g>.
Gordano's solution is to upgrade to NTmail 4, which costs oh.. about 4x
what you paid for version 3. Also if you purchase version 4 and find it
unacceptable because of other problems (I can't run it because it can't
handle the load that version 3 handles), Gordano will be more than happy
to downgrade you to version 3 (this is how they are trying to retain
some new customers who are totally unsatisfied with the quality of
Version 4). So since they are still selling Version 3 in effect it is my
opinion they should fix the damn thing.
Geo.
PS, NTMail 3.03 is over a year old and the new version has been out for
about 4 months however it's got so many problems we had to revert back to
version 3
--------------------------------------------------------------------------------
Date: Tue, 8 Jun 1999 12:07:17 -0400
From: Geo. <[email protected]>
To: [email protected]
Subject: NTMail3 has open relay hole
NTMail version 3 has an open relay exploit that allows anyone to send mail
thru the server even if it's not local.
See http://www.nthelp.com/40/ntmailspam.htm for the details.
--------------------------------------------------------------------------------
Date: Tue, 8 Jun 1999 07:24:20 -0400
From: Geo. <[email protected]>
To: [email protected]
Subject: NTMail 3 open relay
For all those of you still running NTMail version 3.x
I:>open mail.someisp.net 25
220-Unauthorized Use Prohibited
220 mail.someisp.net WindowsNT SMTP Server v3.03.0017/1.aihl/SP ESMTP ready at Sun, 6 Jun 1999 10:39:30 -0400
helo
250 mail.someisp.net [192.168.0.0]
mail from:<>
250 Ok.
rcpt to:[email protected]
250 Ok.
data
354 Start mail input, end with <CRLF>.<CRLF>.
buy my crap
sincerely,
some lame spammer
.
250 Requested mail action Ok.
Your servers are an open relay host (anyone can relay mail thru them using
<> as the FROM address), JUCE can't stop this, and as far as I can tell
there really isn't any good way. ORBS tests for this and will black list
your servers if they find it.
The solution is to upgrade to NTMail version 4 which doesn't have this
particular problem.
Geo.
--------------------------------------------------------------------------------
Date: Tue, 8 Jun 1999 20:52:40 +0200
From: Peter van Dijk <[email protected]>
To: [email protected]
Subject: Re: NTMail3 has open relay hole
On Tue, Jun 08, 1999 at 12:07:17PM -0400, Geo. wrote:
> NTMail version 3 has an open relay exploit that allows anyone to send mail
> thru the server even if it's not local.
>
> See http://www.nthelp.com/40/ntmailspam.htm for the details.
Note that the <> mentioned here is the empty envelope sender which is
required for bounces. Allowing it thru is still kinda stupid tho. A spammer
exploiting this doesn't have to care about where his bounces go either :)
Greetz, Peter
--
| 'He broke my heart, | Peter van Dijk |
I broke his neck' | [email protected] |
nognikz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl |
| Hardbeat@undernet - #groningen/#kinkfm/#vdh |
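
An added example, not part of the original posts and not NTMail code: a sketch of the relay check the thread describes ("either the TO or FROM address must be local", with the null sender `<>` counted as local) beside a check that decides on the recipient and the client instead. It goes one step beyond the thread by ignoring MAIL FROM entirely; `LOCAL_DOMAINS`, the function names, the `trusted_client` flag and the sample addresses are assumptions made for illustration.

```python
# Added illustration; all names and addresses here are constructed.
LOCAL_DOMAINS = {"someisp.net"}  # sample configuration


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or None for <>."""
    address = address.strip().strip("<>")
    if not address:
        return None  # null reverse-path, the sender used for bounces
    return address.rpartition("@")[2].lower()


def is_local(address):
    return domain_of(address) in LOCAL_DOMAINS


def accept_flawed(mail_from, rcpt_to):
    """'TO or FROM must be local', with the empty sender counted as local."""
    sender_ok = domain_of(mail_from) is None or is_local(mail_from)
    return sender_ok or is_local(rcpt_to)


def accept_hardened(mail_from, rcpt_to, trusted_client=False):
    """Decide on the recipient and the client, never on MAIL FROM.

    MAIL FROM is chosen by the connecting client, so neither <> nor a
    claimed local sender is evidence that relaying should be allowed.
    """
    if is_local(rcpt_to):
        return True  # inbound delivery, including bounces sent from <>
    return trusted_client  # relay to remote domains only for known clients


if __name__ == "__main__":
    cases = [
        ("<>", "victim@example.org"),                # null sender, remote rcpt
        ("<>", "user@someisp.net"),                  # legitimate bounce
        ("user@someisp.net", "victim@example.org"),  # claimed local sender
        ("stranger@example.com", "victim@example.org"),
    ]
    for mail_from, rcpt_to in cases:
        print(mail_from, rcpt_to,
              accept_flawed(mail_from, rcpt_to),
              accept_hardened(mail_from, rcpt_to))
```

The second case shows why rejecting `<>` outright is not the fix: bounces addressed to local users still have to be accepted.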
--------------------------------------------------------------------------------
Date: Thu, 10 Jun 1999 16:39:06 +0100
From: John Stanners <[email protected]>
To: [email protected]
Subject: Re: NTMail 3 open relay
We have reviewed the posting of "NTMail version 3.x" being an open relay
and there are several observations we would like to make:
1. The last version 3 of NTMail is a very old version and was superseded
by version 4 in August 1998. Version 3.03.0018 is available on our
FTP site for no charge for those who wish to update to the latest
version 3. It is no longer available for purchase.
2. It is *not* true that NTMail is "an open relay" unless the relay options
are changed from their default.
3. More flexibility in the relaying options was introduced in version
4 of NTMail which is available from http://www.ntmail.co.uk or
[email protected].
In addition to normal support mechanisms, we welcome feedback of all kinds
by e-mail to [email protected].
Many thanks for allowing us to set the record straight.
John Stanners
Gordano Ltd
--------------------------------------------------------------------------------
Date: Wed, 9 Jun 1999 16:36:40 -0700
From: James Stephens <[email protected]>
To: [email protected]
Subject: Re: NTMail3 has open relay hole
At 12:07 PM 6/8/99 -0400, Geo. wrote:
>NTMail version 3 has an open relay exploit that allows anyone to send mail
>thru the server even if it's not local.
>
>See http://www.nthelp.com/40/ntmailspam.htm for the details.
Well, I tried out that little trick on a more recent version of NTMail
3.03.0006 and it didn't allow the relay. There is basic juce functionality
in that version.
Regards,
James Stephens [email protected]
Network Administrator 714-254-0200
Internet Performance Fax: 714-254-0600
`