SecurityFocus

Exploiting Google MX servers as Open SMTP Relays May 07 2008 08:37PM
pablo ximenes upr edu (2 replies)

Re: Exploiting Google MX servers as Open SMTP Relays May 10 2008 01:55PM
Michael Scheidell (scheidell secnap net) (1 replies)

Re: Exploiting Google MX servers as Open SMTP Relays May 10 2008 06:04PM
Todd T. Fries (todd fries net) (3 replies)

Yes this is very frustrating.

The details are not so hard to guess. Unless this post is different,
anyone can send an email to a nonexistent user at a google service and
they accept it and bounce back to the envelope recipient. *sigh*.

We are going back to the stone age by copying qmails default stupidity.

This is doing very much harm.

I would even go as far as to say that Google is making a business case for
its latest purchase, postini, in a very evil way, every second this proble
goes unsolved.

*sigh*
--
Todd Fries .. todd (at) fries (dot) net [email concealed]

_____________________________________________
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX)
| "..in support of free software solutions." \ 1.700.227.9094 (IAXTEL)
| \ 250797 (FWD)
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Penned by Michael Scheidell on 20080510 9:55.32, we have:
|
|
| > From: <pablo.ximenes (at) upr (dot) edu [email concealed]>
| > Date: 7 May 2008 20:37:46 -0000
| > To: <bugtraq (at) securityfocus (dot) com [email concealed]>
| > Subject: Exploiting Google MX servers as Open SMTP Relays
| >
| >
| > Vulnerability Report:
| >
| > As part of our recent work on the trust hierarchy that exists among email
| > providers throughout the Internet, we have uncovered a serious security flaw
| > in Ggoogle's free email service, Gmail.
| >
| > Disclosure:
| > We have contacted Google about this issue and are waiting for their position
| > before releasing further details.
| >
|
| Don't hold our breath.. I have tried to get them to close this very hole for
| maybe a year now.
|
| (see/'google' for posts in bugtraq and spamassassin users group showing
| headers from unrelated domains sending spam through google mail servers..
| They ignore the emails to abuse (at) google (dot) com [email concealed])
|
|
| --
| Michael Scheidell, CTO
| >|SECNAP Network Security
| Winner 2008 Network Products Guide Hot Companies
| FreeBSD SpamAssassin Ports maintainer
|
| ________________________________________________________________________
_
| This email has been scanned and certified safe by SpammerTrap(r).
| For Information please see http://www.spammertrap.com
| ________________________________________________________________________
_

[ reply ]

Re: Exploiting Google MX servers as Open SMTP Relays May 11 2008 09:37AM
Bojan Zdrnja (bojan zdrnja gmail com)

Re: Exploiting Google MX servers as Open SMTP Relays May 11 2008 02:42AM
Clifton Royston (cliftonr lava net)

Re: Exploiting Google MX servers as Open SMTP Relays May 10 2008 06:18PM
Todd T. Fries (todd fries net) (1 replies)

Re: Exploiting Google MX servers as Open SMTP Relays May 10 2008 07:03PM
Lamont Granquist (lamont scriptkiddie org)

Re: Exploiting Google MX servers as Open SMTP Relays May 08 2008 02:32AM
Gadi Evron (ge linuxbox org)