FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

spamdyke -- open relay

Affected packages
spamdyke < 3.1.8

Details

VuXML ID 555ac165-2bee-11dd-bbdc-00e0815b8da8
Discovery 2008-05-21
Entry 2008-05-27
Modified 2010-05-12

Spamdyke Team reports:

Fixed smtp_filter() to reject the DATA command if no valid recipients have been specified. Otherwise, a specific scenario could result in every spamdyke installation being used as an open relay. If the remote server connects and gives one or more recipients that are rejected (for relaying or blacklisting), then gives the DATA command, spamdyke will ignore all other commands, assuming that message data is being transmitted. However, because all of the recipients were rejected, qmail will reject the DATA command. From that point on, the remote server can give as many recipients as it likes and spamdyke will ignore them all -- they will not be filtered at all. After that, the remote server can give the DATA command and send the actual message data. Because spamdyke is controlling relaying, the RELAYCLIENT environment variable is set and qmail won't check for relaying either. Thanks to Mirko Buffoni for reporting this one.
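The sequence the changelog describes is a state-machine error in a filtering proxy: once the proxy forwards DATA and assumes a message body follows, every later command bypasses the recipient policy, and the server behind it, trusting RELAYCLIENT, performs no relay check of its own. The following simulation, added here as an illustration and not spamdyke's own code, models that logic with a constructed relay policy, a constructed qmail-like backend and a constructed client session. The `reject_data_without_recipients` flag switches between the pre-3.1.8 behaviour and the fix described above (refuse DATA when no recipient has been accepted); every name in it is an assumption made for the example.

```python
"""Simulation of the recipient-tracking logic behind this advisory.

A filtering proxy sits between a remote client and the real SMTP server.
The proxy decides whether each RCPT TO is allowed; because RELAYCLIENT is
set, the server behind it accepts any recipient.  Policy, backend and
session are all constructed for this example.
"""

LOCAL_DOMAIN = "example.org"  # constructed: the only domain mail is accepted for


def recipient_allowed(rcpt: str) -> bool:
    """Toy relay policy: deliver to local addresses only, refuse everything else."""
    return rcpt.lower().endswith("@" + LOCAL_DOMAIN)


def parse(line: str):
    """Split an SMTP command line into (VERB, argument without angle brackets)."""
    head, _, arg = line.partition(":")
    return head.split(" ")[0].upper(), arg.strip("<> ")


class FilteringProxy:
    def __init__(self, reject_data_without_recipients: bool):
        self.fixed = reject_data_without_recipients
        self.accepted_rcpts = 0    # recipients the filter approved for this message
        self.in_data = False       # filter believes a message body is in flight
        self.backend_rcpts = []    # recipients the backend currently holds
        self.backend_in_data = False
        self.delivered = []        # recipients of messages the backend queued
        self.unfiltered = []       # RCPTs that reached the backend without a policy check

    def backend(self, line: str):
        """Stand-in for the real server: accepts any RCPT (RELAYCLIENT is set)
        but refuses DATA when no recipient has been given, as qmail does."""
        if self.backend_in_data:
            if line != ".":
                return None  # body line, no reply
            self.backend_in_data = False
            self.delivered.extend(self.backend_rcpts)
            self.backend_rcpts = []
            return "250 ok queued"
        verb, arg = parse(line)
        if verb == "RCPT":
            self.backend_rcpts.append(arg)
            return "250 ok"
        if verb == "DATA":
            if not self.backend_rcpts:
                return "503 RCPT first"
            self.backend_in_data = True
            return "354 go ahead"
        if verb in {"HELO", "EHLO", "MAIL", "RSET", "NOOP", "QUIT"}:
            if verb in {"MAIL", "RSET"}:
                self.backend_rcpts = []
            return "250 ok"
        return "500 command unrecognized"

    def handle(self, line: str):
        """Filter one client line, forwarding to the backend where appropriate."""
        verb, arg = parse(line)
        if self.in_data:
            # Body mode: the filter forwards blindly until the terminating dot.
            if verb == "RCPT" and not self.backend_in_data:
                self.unfiltered.append(arg)
            if line == ".":
                self.in_data = False
            return self.backend(line)
        if verb in {"MAIL", "RSET"}:
            self.accepted_rcpts = 0
        if verb == "RCPT":
            if not recipient_allowed(arg):
                return "554 relaying denied"
            self.accepted_rcpts += 1
            return self.backend(line)
        if verb == "DATA":
            if self.fixed and self.accepted_rcpts == 0:
                # The 3.1.8 fix: refuse DATA here instead of forwarding it and
                # assuming a body follows.
                return "503 no valid recipients"
            reply = self.backend(line)
            # Pre-fix: enter body mode regardless of the backend's reply.
            # Post-fix: enter body mode only once the backend answered 354.
            self.in_data = (not self.fixed) or reply.startswith("354")
            return reply
        return self.backend(line)


# Constructed session following the changelog: a rejected relay recipient,
# then DATA, then the same recipient and DATA again.
SESSION = [
    "HELO remote.test",
    "MAIL FROM:<someone@remote.test>",
    "RCPT TO:<victim@elsewhere.test>",
    "DATA",
    "RCPT TO:<victim@elsewhere.test>",
    "DATA",
    "Subject: relayed",
    "",
    "hello",
    ".",
    "QUIT",
]


def run_session(fixed: bool):
    """Run SESSION through a proxy; return (replies, delivered, unfiltered)."""
    proxy = FilteringProxy(reject_data_without_recipients=fixed)
    replies = [proxy.handle(line) for line in SESSION]
    return replies, proxy.delivered, proxy.unfiltered


if __name__ == "__main__":
    for fixed in (False, True):
        _, delivered, unfiltered = run_session(fixed)
        label = "fixed" if fixed else "pre-3.1.8"
        print(label, "delivered:", delivered, "unfiltered RCPTs:", unfiltered)
```

With the flag off, the backend's 503 to the first DATA is forwarded but the proxy still enters body mode, so the second RCPT is never checked and the message is queued for the off-site recipient; with the flag on, every DATA is refused by the proxy itself and nothing reaches the backend unfiltered. The same check belongs in any SMTP-filtering proxy that owns the relay decision: enter body mode only on a 354 you have seen yourself.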

References

CVE Name CVE-2008-2784
URL http://www.spamdyke.org/documentation/Changelog.txt