Lotus Domino includes an SMTP server. Under certain configurations, an intruder may be able to relay mail to third parties through the Domino SMTP server.
An "open" mail server is one that will send mail that is not addressed to and does not originate from a local user. Open mail servers are sometimes called "open mail relays", "mail relays", "third-party mail servers" or similar names. Intruders who wish to conceal their true location often send mail through an open mail server. For more information on open mail servers, see
Intruders can use Lotus Domino SMTP servers to relay mail to arbitrary third parties.
Apply an update from Lotus when it is available. Lotus is tracking this issue as SPR# MLOT4THVGP. See their vendor statement for additional information.
Until an update is available, you can avoid this problem through several techniques. First, you can use the anti-relay facilities provided by Domino. Putting a "*" in the "Deny messages from external Internet domains to be sent to the following Internet domains" field prevents mail originating externally from being delivered to a third-party site. Second, a third-party mail server (such as sendmail) may be able to filter out certain types of messages. For sendmail 8.10 and later, it has been reported that editing the /etc/mail/sendmail.cf file and changing the line that reads "Kdequote dequote" to "Kdequote dequote -S" stops attempts to exploit this weakness.
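To confirm that a workaround is holding, delivery records can be audited against the definition of an open mail server given above. The following is an added example, not code from Lotus, sendmail or the original note; the record layout, LOCAL_DOMAINS, INTERNAL_NETS and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Constructed values for this example; replace with your own site's data.
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def classify_address(addr):
    """Return 'local', 'remote' or 'review' for an SMTP envelope address."""
    addr = addr.strip().strip("<>")
    if addr == "":
        return "remote"  # null sender (bounces) is not a local user
    # Anything other than a plain local-part@domain needs a person to decide
    # where the server would really deliver it.
    if addr.count("@") != 1 or '"' in addr:
        return "review"
    domain = addr.split("@")[1].lower().rstrip(".")
    return "local" if domain in LOCAL_DOMAINS else "remote"

def is_internal(ip):
    """True if the connecting client is on one of the site's own networks."""
    address = ipaddress.ip_address(ip)
    return any(address in net for net in INTERNAL_NETS)

def audit(records):
    """Return (relayed_ids, review_ids) for mail accepted from external clients."""
    relayed, review = [], []
    for rec in records:
        if not rec["accepted"] or is_internal(rec["client_ip"]):
            continue
        sender = classify_address(rec["mail_from"])
        rcpt = classify_address(rec["rcpt_to"])
        if rcpt == "review":
            review.append(rec["id"])
        elif sender != "local" and rcpt == "remote":
            # Neither addressed to nor originating from a local user.
            relayed.append(rec["id"])
    return relayed, review

# Constructed sample records: connecting IP, envelope addresses, server verdict.
SAMPLE = [
    {"id": 1, "client_ip": "203.0.113.9", "mail_from": "<a@other.test>", "rcpt_to": "<bob@example.com>", "accepted": True},
    {"id": 2, "client_ip": "198.51.100.7", "mail_from": "<x@other.test>", "rcpt_to": "<y@third.test>", "accepted": True},
    {"id": 3, "client_ip": "10.1.2.3", "mail_from": "<alice@example.com>", "rcpt_to": "<y@third.test>", "accepted": True},
    {"id": 4, "client_ip": "198.51.100.7", "mail_from": "<x@other.test>", "rcpt_to": "<y@third.test>", "accepted": False},
    {"id": 5, "client_ip": "198.51.100.7", "mail_from": "<x@other.test>", "rcpt_to": '<"y z"@example.com>', "accepted": True},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any id in the first list is a message the server accepted for third-party delivery from an outside client; ids in the second list carry recipient addresses that domain comparison alone cannot classify.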
Our thanks to Kreigh Tomaszewski, James Kersjes, Joe McMahon and Al Wever of Alticor, Inc., and Richard Rongle of Sendmail, Inc., for reporting this problem and providing technical assistance.
This document was written by Shawn V. Hernan.
Date First Published: 2001-03-02
Date Last Updated: 2001-03-11 03:46 UTC