Message-ID: <20080510181814.GB2782@fries.net>
Date: Sat, 10 May 2008 13:18:14 -0500
From: "Todd T. Fries" <todd@...es.net>
To: Michael Scheidell <scheidell@...nap.net>
Cc: pablo.ximenes@....edu, bugtraq@...urityfocus.com
Subject: Re: Exploiting Google MX servers as Open SMTP Relays

Oh and btw, unless you have another different issue you are reporting,
this well documented behavior has been reported before:

  http://rss.slashdot.org/~r/Slashdot/slashdot/~3/266688832/article.pl

*grumble*
-- 
Todd Fries .. todd@...es.net

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \  1.700.227.9094 (IAXTEL)
|                                             \          250797 (FWD)
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt

Penned by Todd T. Fries on 20080510 13:04.42, we have:
| Yes this is very frustrating.
| 
| The details are not so hard to guess.  Unless this post is different,
| anyone can send an email to a nonexistent user at a google service and
| they accept it and bounce back to the envelope recipient. *sigh*.
| 
| We are going back to the stone age by copying qmail's default stupidity.
| 
| This is doing very much harm.
| 
| I would even go as far as to say that Google is making a business case for
| its latest purchase, postini, in a very evil way, every second this problem
| goes unsolved.
| 
| *sigh*
| -- 
| Todd Fries .. todd@...es.net
| 
|  _____________________________________________
| |                                             \  1.636.410.0632 (voice)
| | Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| | http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| | "..in support of free software solutions."  \  1.700.227.9094 (IAXTEL)
| |                                             \          250797 (FWD)
|  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
|                                                  
|               37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
|                         http://todd.fries.net/pgp.txt
| 
| Penned by Michael Scheidell on 20080510  9:55.32, we have:
| | 
| | 
| | > From: <pablo.ximenes@....edu>
| | > Date: 7 May 2008 20:37:46 -0000
| | > To: <bugtraq@...urityfocus.com>
| | > Subject: Exploiting Google MX servers as Open SMTP Relays
| | > 
| | > 
| | > Vulnerability Report:
| | > 
| | > As part of our recent work on the trust hierarchy that exists among email
| | > providers throughout the Internet, we have uncovered a serious security flaw
| | > in Google's free email service, Gmail.
| | > 
| | > Disclosure:
| | > We have contacted Google about this issue and are waiting for their position
| | > before releasing further details.
| | > 
| | 
| | Don't hold our breath.. I have tried to get them to close this very hole for
| | maybe a year now.
| | 
| | (see/'google' for posts in bugtraq and spamassassin users group showing
| | headers from unrelated domains sending spam through google mail servers..
| | They ignore the emails to abuse@...gle.com)
| | 
| | 
| | -- 
| | Michael Scheidell, CTO
| | >|SECNAP Network Security
| | Winner 2008 Network Products Guide Hot Companies
| | FreeBSD SpamAssassin Ports maintainer
| | 
| | _________________________________________________________________________
| | This email has been scanned and certified safe by SpammerTrap(r). 
| | For Information please see http://www.spammertrap.com
| | _________________________________________________________________________
