`Date: Tue, 4 May 1999 08:53:14 +0200
From: Joachim Larsson <[email protected]>
To: [email protected]
Subject: AS/400
Hello all.
I played around with smtp on a as/400+domino machine and found two
obvious bugs, then notified IBM, revieved a ptf, then posted here.
1: telnet (host) 25, then start feeding chars. After about 200-300
chars the smtp-subsystem will die, needing to be restarted.
2: change your replyto-address and fromaddress to an non-existing
user/domain then mail to an non-existing user on the 400/domino. This
will cause the mail to loop endlessly between the smtp-subsystem and the
domino subsystem.
This is for general knowledge only, trying to "force" people with
400/domino to react and secure their machines.
Sincerely,
---
(put your favourite signature here)
-----------------------------------------------------------------------------
Date: Wed, 5 May 1999 08:52:42 -0500
From: Ryan Permeh <[email protected]>
To: [email protected]
Subject: Re: AS/400
Yeah, i found this a while back on non domino smtp daemons on as400's also.
it's a somewhat simple solution to fix (just turn the SMTP service back
on), but SMTP can be shut off across the network. i know this worked on
as400 3.X, i haven't had a chance to test on any of the domino types or the
4.X OS levels
Ryan
-----------------------------------------------------------------------------
Date: Wed, 5 May 1999 13:34:40 +0200
From: Pavel Ahafonau <[email protected]>
To: [email protected]
Subject: Re: AS/400
>I played around with smtp on a as/400+domino machine and found two
>obvious bugs, then notified IBM, revieved a ptf, then posted here.
>1: telnet (host) 25, then start feeding chars. After about 200-300
>chars the smtp-subsystem will die, needing to be restarted.
>2: change your replyto-address and fromaddress to an non-existing
>user/domain then mail to an non-existing user on the 400/domino. This
>will cause the mail to loop endlessly between the smtp-subsystem and the
>domino subsystem.
This is good known bug which is not related to AS/400 at all.
This causes to die only Lotus Domino 4.6.1.
I've tried to kill our Lotus Domino 4.6.4 and it still alive ~80)
As for SMTP and Lotus Notes/Domino this is a big problem for it's users
because there no any anti-spam protection like in Sendmail.
Now we are playing with 5th Lotus Domino and there are all this bugs fixed
and anti-spam implemented ~80)
Best regards,
Paully A. Ahafonau.
International Business Alliance (http://www.iba.com.by)
-----------------------------------------------------------------------------
Date: Thu, 6 May 1999 15:37:43 -0500
From: Justin Golden <[email protected]>
To: [email protected]
Subject: Re: AS/400
In fact, you can disable mail forwarding, and thereby avoid the Spam threat
by adding this undocumented parameter to the notes.ini file:
SMTPMTA_REJECT_RELAYS=1
Any mail forwarding will bounce directly back to the sender.
Justin Golden
Precision Systems Concepts
> As for SMTP and Lotus Notes/Domino this is a big problem for it's users
> because there no any anti-spam protection like in Sendmail.
> Now we are playing with 5th Lotus Domino and there are all this bugs fixed
> and anti-spam implemented ~80)
>
> Best regards,
> Paully A. Ahafonau.
>
> International Business Alliance (http://www.iba.com.by)
>
-----------------------------------------------------------------------------
Date: Fri, 7 May 1999 08:44:11 +0200
From: Magosanyi Arpad <[email protected]>
To: [email protected]
Subject: Domino [was: AS/400]
A levelezõm azt hiszi, hogy Pavel Ahafonau a következõeket írta:
> As for SMTP and Lotus Notes/Domino this is a big problem for it's users
> because there no any anti-spam protection like in Sendmail.
> Now we are playing with 5th Lotus Domino and there are all this bugs fixed
> and anti-spam implemented ~80)
There are still problems with Domino anti-spam: If you send a smtp mail
to a domino user who's forwarding address is a smtp address, the domino
smtp MTA will reject the message.
This is security related only by the fact that most of the notes admins
will choose to disable anti-spam after encountering this problem first.
--
GNU GPL: csak tiszta forrásból
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation