Happy Thanksgiving all!
While I don't think I'll get a response to this
question over the holidays, I thought I'd at least present
it for response post Thanksgiving.
I have a site that (along with others) has decided
to use MSExchange as their SMTP hub. One of the problems I am
seeing with this is that the current configuration allows for
any inbound domain traffic. In otherwords, the exchange server
seems to allow emails destin for any domain, then sends a None
Delivery Report to the "Mail From" party. My argument is that
there lies an exploit with this senario. In otherwords (and those
of you that probably know where I am going with this just skip
ahead) If I send an email to JoeSmo@domain.com and spoof the
Mail From as Victim@innocentdomain.com to an Exchange Server
setup in this manor, the Exchange server will bounce an email
to the Victim@innoccentdomain.com. While this is all fine and
dandy, if a person(s) decides to use this as a mailbomb method
and exploit this, its rather simple to do. So, in short I am
1> Mail destine for a domain not handled should be 550 Denied.
2> None Delivery Reports should only be sent for Domains Handled.
3> That a Firewall should not be doing Domain checking for SMTP
What I am at a loss for is RFCs that explicitly state this, that
is NDR for other domains, and accepting for other domains.
Perhaps I missed something or one of them.
Anyone have to deal with this situation?
Any suggestions on how to argue this?
Am I perhaps missing something?
Does Bill Gates feel that "Monopoly is just a game, I want the world!"
Thanks in advance, and again Happy Thanksgiving!