|
|
BugTraq
Exploiting Google MX servers as Open SMTP Relays May 07 2008 08:37PM pablo ximenes upr edu (2 replies) Re: Exploiting Google MX servers as Open SMTP Relays May 10 2008 01:55PM Michael Scheidell (scheidell secnap net) (1 replies) Re: Exploiting Google MX servers as Open SMTP Relays May 10 2008 06:04PM Todd T. Fries (todd fries net) (3 replies) Re: Exploiting Google MX servers as Open SMTP Relays May 11 2008 09:37AM Bojan Zdrnja (bojan zdrnja gmail com) Re: Exploiting Google MX servers as Open SMTP Relays May 11 2008 02:42AM Clifton Royston (cliftonr lava net) Re: Exploiting Google MX servers as Open SMTP Relays May 08 2008 02:32AM Gadi Evron (ge linuxbox org) |
|
Privacy Statement |
this well documented behavior has been reported before:
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/266688832/article.pl
*grumble*
--
Todd Fries .. todd (at) fries (dot) net [email concealed]
_____________________________________________
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX)
| "..in support of free software solutions." \ 1.700.227.9094 (IAXTEL)
| \ 250797 (FWD)
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt
Penned by Todd T. Fries on 20080510 13:04.42, we have:
| Yes this is very frustrating.
|
| The details are not so hard to guess. Unless this post is different,
| anyone can send an email to a nonexistent user at a google service and
| they accept it and bounce back to the envelope recipient. *sigh*.
|
| We are going back to the stone age by copying qmails default stupidity.
|
| This is doing very much harm.
|
| I would even go as far as to say that Google is making a business case for
| its latest purchase, postini, in a very evil way, every second this proble
| goes unsolved.
|
| *sigh*
| --
| Todd Fries .. todd (at) fries (dot) net [email concealed]
|
| _____________________________________________
| | \ 1.636.410.0632 (voice)
| | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
| | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX)
| | "..in support of free software solutions." \ 1.700.227.9094 (IAXTEL)
| | \ 250797 (FWD)
| \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\|
| 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
| http://todd.fries.net/pgp.txt
|
| Penned by Michael Scheidell on 20080510 9:55.32, we have:
| |
| |
| | > From: <pablo.ximenes (at) upr (dot) edu [email concealed]>
| | > Date: 7 May 2008 20:37:46 -0000
| | > To: <bugtraq (at) securityfocus (dot) com [email concealed]>
| | > Subject: Exploiting Google MX servers as Open SMTP Relays
| | >
| | >
| | > Vulnerability Report:
| | >
| | > As part of our recent work on the trust hierarchy that exists among email
| | > providers throughout the Internet, we have uncovered a serious security flaw
| | > in Ggoogle's free email service, Gmail.
| | >
| | > Disclosure:
| | > We have contacted Google about this issue and are waiting for their position
| | > before releasing further details.
| | >
| |
| | Don't hold our breath.. I have tried to get them to close this very hole for
| | maybe a year now.
| |
| | (see/'google' for posts in bugtraq and spamassassin users group showing
| | headers from unrelated domains sending spam through google mail servers..
| | They ignore the emails to abuse (at) google (dot) com [email concealed])
| |
| |
| | --
| | Michael Scheidell, CTO
| | >|SECNAP Network Security
| | Winner 2008 Network Products Guide Hot Companies
| | FreeBSD SpamAssassin Ports maintainer
| |
| | ________________________________________________________________________
_
| | This email has been scanned and certified safe by SpammerTrap(r).
| | For Information please see http://www.spammertrap.com
| | ________________________________________________________________________
_
[ reply ]