CVE
- Id
- 509
- CVE No.
- CVE-1999-0512
- Status
- Candidate
- Description
- A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers.
- Phase
- Modified (20020427-01)
- Votes
- ACCEPT(3) Baker, Northcutt, Shostack | MODIFY(1) Frech | NOOP(1) Christey
- Comments
- Frech> XF:smtp-sendmail-relay(210) | XF:ntmail-relay(2257) | XF:exchange-relay(3107) (also assigned to CVE-1999-0682) | XF:smtp-relay-uucp(3470) | XF:sco-sendmail-spam(4342) | XF:sco-openserver-mmdf-spam(4343) | XF:lotus-domino-smtp-mail-relay(6591) | XF:win2k-smtp-mail-relay(6803) | XF:cobalt-poprelayd-mail-relay(6806) | | Candidate implicitly may refer to relaying settings enabled by default, or | the bypass/circumvention of relaying. Both interpretations were used in | assigning this candidate. | Christey> The intention of this candidate is to cover configurations in | which the admin has explicitly enabled relaying. Other cases | in which the application *intends* to prvent relaying, but | there is some specific input that bypasses/tricks it, count | as vulnerabilities (or exposures?) and as such would be | assigned different numbers. | | http://www.sendmail.org/~ca/email/spam.html seems like a good | general resource, as does ftp://ftp.isi.edu/in-notes/rfc2505.txt | Christey> I changed the description to make it more clear that the issue | is that of explicit configuration, as opposed to being the | result of a vulnerability.
