There is a possible bug in Spamfilter ISP that might cause spammers to relay DEPENDING on the topology and settings on your servers. If you have whitelisted e.g. domain1.com in Spamfilter ISP, a spammer can use *@domain1.com as from-address to send spam to people outside our company IF you have the same configuration as we do...
Here's my example:
We run Spamfilter ISP 2.0.1.347
We have the following topology in our mail system:
INTERNET --> SPAMFILTER ISP --> TREND IMSS --> LOTUS DOMINO
A person sends mail from the Internet, the mail goes to our Spamfilter ISP server, then it goes to our Trend InterScan Messaging Security Suite server, and then to our Lotus Domino server. Trend IMSS "trusts" the Spamfilter ISP server, because we need to allow Spamfilter ISP to push the mail to Trend IMSS.
Now the possible bug: When a domain is whitelisted in Spamfilter ISP, it passes every check, EVEN the Local Domains setting. Even if the recipient's domain is not listed in Local Domains it will pass. In my opinion the mail should be dropped here since domain1.com is not listed in Local Domains (it's only in the whitelist).
Since it passes all the checks because the sender's domain is whitelisted, it goes to Trend IMSS which again trusts the Spamfilter ISP server, and then Trend IMSS relays the mail to the intended recipient, e.g. idontwantspam@domain2.com. Trend IMSS is also our outbound mailserver.
There are two things that can be done to solve this.
1. Set Trend IMSS not to "trust" Spamfilter ISP. Then it will only accept mail to the domains specified in the configuration.
2. Make Spamfilter ISP drop all mail sent to domains NOT listed in Local Domains.
I can solve it by doing #1, but I think it's important to address this issue since there might be others who have the same configuration as we do.
Logsat: Do you consider this issue as a bug? I personally think if a recipient domain is not listed in Local Domains, it should be rejected, even if it's whitelisted.
Best regards, Morten Authen NSF
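
The check order described in the post above, modelled as an added example that is not part of the original post and is not Spamfilter ISP or Trend IMSS code. The domain `ourcompany.example`, the address `10.0.0.5` and all function names are assumptions made for illustration; it shows the reported behaviour next to the two fixes the post proposes.

```python
# Constructed model of the two-hop chain; all values below are illustrative.
WHITELIST = {"domain1.com"}             # sender domains whitelisted on the filter
LOCAL_DOMAINS = {"ourcompany.example"}  # domains the site accepts mail for (assumed)
FILTER_IP = "10.0.0.5"                  # hypothetical address of the filter host
TRUSTED_RELAYS = {FILTER_IP}            # peers the downstream gateway relays for

def domain(addr):
    """Lower-cased domain part of an envelope address."""
    return addr.rsplit("@", 1)[-1].lower()

def filter_as_described(mail_from, rcpt_to, is_spam=False):
    """Behaviour reported in the post: a whitelisted sender domain
    skips every check, including the Local Domains check."""
    if domain(mail_from) in WHITELIST:
        return True
    return domain(rcpt_to) in LOCAL_DOMAINS and not is_spam

def filter_hardened(mail_from, rcpt_to, is_spam=False):
    """Fix #2: reject non-local recipients first; the whitelist
    only exempts the sender from the spam checks."""
    if domain(rcpt_to) not in LOCAL_DOMAINS:
        return False
    return domain(mail_from) in WHITELIST or not is_spam

def gateway_accepts(peer_ip, rcpt_to, trust_filter=True):
    """Downstream gateway: a trusted peer may relay to any domain;
    with trust removed (fix #1) only local recipients are accepted."""
    if trust_filter and peer_ip in TRUSTED_RELAYS:
        return True
    return domain(rcpt_to) in LOCAL_DOMAINS

def delivered(filter_fn, mail_from, rcpt_to, trust_filter=True):
    """True if the message passes the filter and then the gateway."""
    return (filter_fn(mail_from, rcpt_to)
            and gateway_accepts(FILTER_IP, rcpt_to, trust_filter))

if __name__ == "__main__":
    msg = ("anyone@domain1.com", "idontwantspam@domain2.com")
    print("as described   :", delivered(filter_as_described, *msg))
    print("fix 1, no trust:", delivered(filter_as_described, *msg, trust_filter=False))
    print("fix 2, hardened:", delivered(filter_hardened, *msg))
```

Only the first case relays the message off-site; either fix alone stops it, and inbound mail from the whitelisted domain to a local recipient is still delivered in both.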